ÿþShared User Data: 0xFFDF0000(248000) Product: NT Workstation Suite: NT Version: 5.0 System Time: 0x1c569de5fde8a10 2005-06-05 14:53:46Z Time Zone ID: 2 Bias: 144000000000 Local Time: 0x1c569bcd8ccea10 2005-06-05 10:53:46Z Tick Count: 0x3148e8c System Root: C:\WINNT Processor Architecture: StandardDesign Processor Features: FloatingPointPrecisionErrata: FloatingPointEmulated: CompareExchangeDouble: X MMXInstructionsAvailable: X PPCMovemem64BitOk: AlphaByteInstructions: XMMIInstructionsAvailable: X 3DNOWInstructionsAvailable: RDTSCInstructionAvailable: X PAEEnabled: XMMI64InstructionsAvailable: Large page minimum: 0 Debugger Enabled: No NxSupport: 0x0 Active Console ID: 0 Physical Pages: 0 Booted in safe mode: No TestReturnInstruction: 0 0 0 0 SystemCall: 0x0 SystemCallReturn: 0x0 Cookie: 0x0 Kernel Base : 0x80400000 Kernel Size : 0x19fb90 Page Tables: 0xC0000000 (0x1680000) Page Directory: 0xC0300000 (0x30000) KeNumberProcessors: 0x8046B4CC(46b4cc) 1 KeActiveProcessors: 0x8046B4D4(46b4d4) 1 KiProcessorBlock: 0x8046BDA0(46bda0) KeBootTime: 0x8046B318 (46b318) Value: 0x1c569660cf6aac0 2005-06-05 00:32:27Z KeBootTimeBias: 0x8046B328 Value: 0 Processor Control Regions: KPCR0: 0xFFDFF000(247000) KdVersionBlock: 0x00000000(1) GDT Base: 0x80036000(36000) IDT Base: 0x80036400(36400) IDTR: 0x8003f400 Limit: 0x7ff GDTR: 0x8003f000 Limit: 0x3ff LDTR: 0x8003f000 Limit: 0x3ff TSS: 0x80249000(249000) Processor Control Block: 0xFFDFF120 IdleThread: 0x8046D3F0 BuildType: 2 CpuType: 6 CpuStep: 0x806 SetMember: 1 CpuID: 1 VendorString: GenuineIntel MHZ: 285 PRCBNumber: 0 LogicalProcessorsPerPhysicalProcessor: 0 DebugActive: false Pagefile Information: MmNumberOfPagingFiles: 0x80480644(480644) Value: 1 MmPagingFile: 0x80480C40(480c40) Pagingfile0: 0xFCC8EE28(12abe28) Size: 0xc000 MaximumSize: 0x18000 MinimumSize: 0xc000 FreeSpace: 0xa4fe CurrentUsage: 0x1b01 PeakUsage: 0x1b2c HighestPage: 0x0 FileObject: 0xFCC8EEA8 PagefileName: \??\C:\pagefile.sys Memory Information: MmPagesSize: 0x1000 MmLowestPhysicalPage: 0x8046B4D0(46b4d0) Value: 0x2 MmHighestPhysicalPage: 0x8046B4D8(46b4d8) Value: 0x7e7f MmNumberOfPhysicalPages: 0x8046B4DC(46b4dc) Value: 0x7dfb MmPfnDatabase: 0x8046B448(46b448) IDT Tables: IDT: 0x80036400(36400) No. Selector:Offset ParamCount Dpl Type Module 0. 8:80463c46 0 0 0xe \WINNT\System32\ntoskrnl.exe 1. 8:80463d96 0 0 0xe \WINNT\System32\ntoskrnl.exe 3. 8:8046406e 0 3 0xe \WINNT\System32\ntoskrnl.exe 4. 8:804641d2 0 3 0xe \WINNT\System32\ntoskrnl.exe 5. 8:80464316 0 0 0xe \WINNT\System32\ntoskrnl.exe 6. 8:8046447a 0 0 0xe \WINNT\System32\ntoskrnl.exe 7. 8:804649b0 0 0 0xe \WINNT\System32\ntoskrnl.exe 9. 8:80464d6c 0 0 0xe \WINNT\System32\ntoskrnl.exe a. 8:80464e74 0 0 0xe \WINNT\System32\ntoskrnl.exe b. 8:80464fa0 0 0 0xe \WINNT\System32\ntoskrnl.exe c. 8:804652a4 0 0 0xe \WINNT\System32\ntoskrnl.exe d. 8:804654b0 0 0 0xe \WINNT\System32\ntoskrnl.exe e. 8:80465f04 0 0 0xe \WINNT\System32\ntoskrnl.exe f. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 10. 8:804663a7 0 0 0xe \WINNT\System32\ntoskrnl.exe 11. 8:804664cb 0 0 0xe \WINNT\System32\ntoskrnl.exe 13. 8:8046661b 0 0 0xe \WINNT\System32\ntoskrnl.exe 14. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 15. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 16. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 17. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 18. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 19. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1a. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1b. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1c. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1d. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1e. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1f. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 2a. 8:8046310c 0 3 0xe \WINNT\System32\ntoskrnl.exe 2b. 8:80463202 0 3 0xe \WINNT\System32\ntoskrnl.exe 2c. 8:80463322 0 3 0xe \WINNT\System32\ntoskrnl.exe 2d. 8:80463f5e 0 3 0xe \WINNT\System32\ntoskrnl.exe 2e. 8:80462c2d 0 3 0xe \WINNT\System32\ntoskrnl.exe 2f. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 30. 8:8006807c 0 0 0xe \WINNT\System32\hal.dll 31. 8:fcdbc6a4 0 0 0xe 32. 8:80462284 0 0 0xe \WINNT\System32\ntoskrnl.exe 33. 8:8046228e 0 0 0xe \WINNT\System32\ntoskrnl.exe 34. 8:fcd32264 0 0 0xe 35. 8:804622a2 0 0 0xe \WINNT\System32\ntoskrnl.exe 36. 8:804622ac 0 0 0xe \WINNT\System32\ntoskrnl.exe 37. 8:804622b6 0 0 0xe \WINNT\System32\ntoskrnl.exe 38. 8:80062db0 0 0 0xe \WINNT\System32\hal.dll 39. 8:fcd53144 0 0 0xe 3a. 8:804622d4 0 0 0xe \WINNT\System32\ntoskrnl.exe 3b. 8:fcd32884 0 0 0xe 3c. 8:fcd33dc4 0 0 0xe 3d. 8:804622f2 0 0 0xe \WINNT\System32\ntoskrnl.exe 3e. 8:fcd4d164 0 0 0xe 3f. 8:80462306 0 0 0xe \WINNT\System32\ntoskrnl.exe 40. 8:80462310 0 0 0xe \WINNT\System32\ntoskrnl.exe 41. 8:8046231a 0 0 0xe \WINNT\System32\ntoskrnl.exe 42. 8:80462324 0 0 0xe \WINNT\System32\ntoskrnl.exe 43. 8:8046232e 0 0 0xe \WINNT\System32\ntoskrnl.exe 44. 8:80462338 0 0 0xe \WINNT\System32\ntoskrnl.exe 45. 8:80462342 0 0 0xe \WINNT\System32\ntoskrnl.exe 46. 8:8046234c 0 0 0xe \WINNT\System32\ntoskrnl.exe 47. 8:80462356 0 0 0xe \WINNT\System32\ntoskrnl.exe 48. 8:80462360 0 0 0xe \WINNT\System32\ntoskrnl.exe 49. 8:8046236a 0 0 0xe \WINNT\System32\ntoskrnl.exe 4a. 8:80462374 0 0 0xe \WINNT\System32\ntoskrnl.exe 4b. 8:8046237e 0 0 0xe \WINNT\System32\ntoskrnl.exe 4c. 8:80462388 0 0 0xe \WINNT\System32\ntoskrnl.exe 4d. 8:80462392 0 0 0xe \WINNT\System32\ntoskrnl.exe 4e. 8:8046239c 0 0 0xe \WINNT\System32\ntoskrnl.exe 4f. 8:804623a6 0 0 0xe \WINNT\System32\ntoskrnl.exe 50. 8:804623b0 0 0 0xe \WINNT\System32\ntoskrnl.exe 51. 8:804623ba 0 0 0xe \WINNT\System32\ntoskrnl.exe 52. 8:804623c4 0 0 0xe \WINNT\System32\ntoskrnl.exe 53. 8:804623ce 0 0 0xe \WINNT\System32\ntoskrnl.exe 54. 8:804623d8 0 0 0xe \WINNT\System32\ntoskrnl.exe 55. 8:804623e2 0 0 0xe \WINNT\System32\ntoskrnl.exe 56. 8:804623ec 0 0 0xe \WINNT\System32\ntoskrnl.exe 57. 8:804623f6 0 0 0xe \WINNT\System32\ntoskrnl.exe 58. 8:80462400 0 0 0xe \WINNT\System32\ntoskrnl.exe 59. 8:8046240a 0 0 0xe \WINNT\System32\ntoskrnl.exe 5a. 8:80462414 0 0 0xe \WINNT\System32\ntoskrnl.exe 5b. 8:8046241e 0 0 0xe \WINNT\System32\ntoskrnl.exe 5c. 8:80462428 0 0 0xe \WINNT\System32\ntoskrnl.exe 5d. 8:80462432 0 0 0xe \WINNT\System32\ntoskrnl.exe 5e. 8:8046243c 0 0 0xe \WINNT\System32\ntoskrnl.exe 5f. 8:80462446 0 0 0xe \WINNT\System32\ntoskrnl.exe 60. 8:80462450 0 0 0xe \WINNT\System32\ntoskrnl.exe 61. 8:8046245a 0 0 0xe \WINNT\System32\ntoskrnl.exe 62. 8:80462464 0 0 0xe \WINNT\System32\ntoskrnl.exe 63. 8:8046246e 0 0 0xe \WINNT\System32\ntoskrnl.exe 64. 8:80462478 0 0 0xe \WINNT\System32\ntoskrnl.exe 65. 8:80462482 0 0 0xe \WINNT\System32\ntoskrnl.exe 66. 8:8046248c 0 0 0xe \WINNT\System32\ntoskrnl.exe 67. 8:80462496 0 0 0xe \WINNT\System32\ntoskrnl.exe 68. 8:804624a0 0 0 0xe \WINNT\System32\ntoskrnl.exe 69. 8:804624aa 0 0 0xe \WINNT\System32\ntoskrnl.exe 6a. 8:804624b4 0 0 0xe \WINNT\System32\ntoskrnl.exe 6b. 8:804624be 0 0 0xe \WINNT\System32\ntoskrnl.exe 6c. 8:804624c8 0 0 0xe \WINNT\System32\ntoskrnl.exe 6d. 8:804624d2 0 0 0xe \WINNT\System32\ntoskrnl.exe 6e. 8:804624dc 0 0 0xe \WINNT\System32\ntoskrnl.exe 6f. 8:804624e6 0 0 0xe \WINNT\System32\ntoskrnl.exe 70. 8:804624f0 0 0 0xe \WINNT\System32\ntoskrnl.exe 71. 8:804624fa 0 0 0xe \WINNT\System32\ntoskrnl.exe 72. 8:80462504 0 0 0xe \WINNT\System32\ntoskrnl.exe 73. 8:8046250e 0 0 0xe \WINNT\System32\ntoskrnl.exe 74. 8:80462518 0 0 0xe \WINNT\System32\ntoskrnl.exe 75. 8:80462522 0 0 0xe \WINNT\System32\ntoskrnl.exe 76. 8:8046252c 0 0 0xe \WINNT\System32\ntoskrnl.exe 77. 8:80462536 0 0 0xe \WINNT\System32\ntoskrnl.exe 78. 8:80462540 0 0 0xe \WINNT\System32\ntoskrnl.exe 79. 8:8046254a 0 0 0xe \WINNT\System32\ntoskrnl.exe 7a. 8:80462554 0 0 0xe \WINNT\System32\ntoskrnl.exe 7b. 8:8046255e 0 0 0xe \WINNT\System32\ntoskrnl.exe 7c. 8:80462568 0 0 0xe \WINNT\System32\ntoskrnl.exe 7d. 8:80462572 0 0 0xe \WINNT\System32\ntoskrnl.exe 7e. 8:8046257c 0 0 0xe \WINNT\System32\ntoskrnl.exe 7f. 8:80462586 0 0 0xe \WINNT\System32\ntoskrnl.exe 80. 8:80462590 0 0 0xe \WINNT\System32\ntoskrnl.exe 81. 8:8046259a 0 0 0xe \WINNT\System32\ntoskrnl.exe 82. 8:804625a4 0 0 0xe \WINNT\System32\ntoskrnl.exe 83. 8:804625ae 0 0 0xe \WINNT\System32\ntoskrnl.exe 84. 8:804625b8 0 0 0xe \WINNT\System32\ntoskrnl.exe 85. 8:804625c2 0 0 0xe \WINNT\System32\ntoskrnl.exe 86. 8:804625cc 0 0 0xe \WINNT\System32\ntoskrnl.exe 87. 8:804625d6 0 0 0xe \WINNT\System32\ntoskrnl.exe 88. 8:804625e0 0 0 0xe \WINNT\System32\ntoskrnl.exe 89. 8:804625ea 0 0 0xe \WINNT\System32\ntoskrnl.exe 8a. 8:804625f4 0 0 0xe \WINNT\System32\ntoskrnl.exe 8b. 8:804625fe 0 0 0xe \WINNT\System32\ntoskrnl.exe 8c. 8:80462608 0 0 0xe \WINNT\System32\ntoskrnl.exe 8d. 8:80462612 0 0 0xe \WINNT\System32\ntoskrnl.exe 8e. 8:8046261c 0 0 0xe \WINNT\System32\ntoskrnl.exe 8f. 8:80462626 0 0 0xe \WINNT\System32\ntoskrnl.exe 90. 8:80462630 0 0 0xe \WINNT\System32\ntoskrnl.exe 91. 8:8046263a 0 0 0xe \WINNT\System32\ntoskrnl.exe 92. 8:80462644 0 0 0xe \WINNT\System32\ntoskrnl.exe 93. 8:8046264e 0 0 0xe \WINNT\System32\ntoskrnl.exe 94. 8:80462658 0 0 0xe \WINNT\System32\ntoskrnl.exe 95. 8:80462662 0 0 0xe \WINNT\System32\ntoskrnl.exe 96. 8:8046266c 0 0 0xe \WINNT\System32\ntoskrnl.exe 97. 8:80462676 0 0 0xe \WINNT\System32\ntoskrnl.exe 98. 8:80462680 0 0 0xe \WINNT\System32\ntoskrnl.exe 99. 8:8046268a 0 0 0xe \WINNT\System32\ntoskrnl.exe 9a. 8:80462694 0 0 0xe \WINNT\System32\ntoskrnl.exe 9b. 8:8046269e 0 0 0xe \WINNT\System32\ntoskrnl.exe 9c. 8:804626a8 0 0 0xe \WINNT\System32\ntoskrnl.exe 9d. 8:804626b2 0 0 0xe \WINNT\System32\ntoskrnl.exe 9e. 8:804626bc 0 0 0xe \WINNT\System32\ntoskrnl.exe 9f. 8:804626c6 0 0 0xe \WINNT\System32\ntoskrnl.exe a0. 8:804626d0 0 0 0xe \WINNT\System32\ntoskrnl.exe a1. 8:804626da 0 0 0xe \WINNT\System32\ntoskrnl.exe a2. 8:804626e4 0 0 0xe \WINNT\System32\ntoskrnl.exe a3. 8:804626ee 0 0 0xe \WINNT\System32\ntoskrnl.exe a4. 8:804626f8 0 0 0xe \WINNT\System32\ntoskrnl.exe a5. 8:80462702 0 0 0xe \WINNT\System32\ntoskrnl.exe a6. 8:8046270c 0 0 0xe \WINNT\System32\ntoskrnl.exe a7. 8:80462716 0 0 0xe \WINNT\System32\ntoskrnl.exe a8. 8:80462720 0 0 0xe \WINNT\System32\ntoskrnl.exe a9. 8:8046272a 0 0 0xe \WINNT\System32\ntoskrnl.exe aa. 8:80462734 0 0 0xe \WINNT\System32\ntoskrnl.exe ab. 8:8046273e 0 0 0xe \WINNT\System32\ntoskrnl.exe ac. 8:80462748 0 0 0xe \WINNT\System32\ntoskrnl.exe ad. 8:80462752 0 0 0xe \WINNT\System32\ntoskrnl.exe ae. 8:8046275c 0 0 0xe \WINNT\System32\ntoskrnl.exe af. 8:80462766 0 0 0xe \WINNT\System32\ntoskrnl.exe b0. 8:80462770 0 0 0xe \WINNT\System32\ntoskrnl.exe b1. 8:8046277a 0 0 0xe \WINNT\System32\ntoskrnl.exe b2. 8:80462784 0 0 0xe \WINNT\System32\ntoskrnl.exe b3. 8:8046278e 0 0 0xe \WINNT\System32\ntoskrnl.exe b4. 8:80462798 0 0 0xe \WINNT\System32\ntoskrnl.exe b5. 8:804627a2 0 0 0xe \WINNT\System32\ntoskrnl.exe b6. 8:804627ac 0 0 0xe \WINNT\System32\ntoskrnl.exe b7. 8:804627b6 0 0 0xe \WINNT\System32\ntoskrnl.exe b8. 8:804627c0 0 0 0xe \WINNT\System32\ntoskrnl.exe b9. 8:804627ca 0 0 0xe \WINNT\System32\ntoskrnl.exe ba. 8:804627d4 0 0 0xe \WINNT\System32\ntoskrnl.exe bb. 8:804627de 0 0 0xe \WINNT\System32\ntoskrnl.exe bc. 8:804627e8 0 0 0xe \WINNT\System32\ntoskrnl.exe bd. 8:804627f2 0 0 0xe \WINNT\System32\ntoskrnl.exe be. 8:804627fc 0 0 0xe \WINNT\System32\ntoskrnl.exe bf. 8:80462806 0 0 0xe \WINNT\System32\ntoskrnl.exe c0. 8:80462810 0 0 0xe \WINNT\System32\ntoskrnl.exe c1. 8:8046281a 0 0 0xe \WINNT\System32\ntoskrnl.exe c2. 8:80462824 0 0 0xe \WINNT\System32\ntoskrnl.exe c3. 8:8046282e 0 0 0xe \WINNT\System32\ntoskrnl.exe c4. 8:80462838 0 0 0xe \WINNT\System32\ntoskrnl.exe c5. 8:80462842 0 0 0xe \WINNT\System32\ntoskrnl.exe c6. 8:8046284c 0 0 0xe \WINNT\System32\ntoskrnl.exe c7. 8:80462856 0 0 0xe \WINNT\System32\ntoskrnl.exe c8. 8:80462860 0 0 0xe \WINNT\System32\ntoskrnl.exe c9. 8:8046286a 0 0 0xe \WINNT\System32\ntoskrnl.exe ca. 8:80462874 0 0 0xe \WINNT\System32\ntoskrnl.exe cb. 8:8046287e 0 0 0xe \WINNT\System32\ntoskrnl.exe cc. 8:80462888 0 0 0xe \WINNT\System32\ntoskrnl.exe cd. 8:80462892 0 0 0xe \WINNT\System32\ntoskrnl.exe ce. 8:8046289c 0 0 0xe \WINNT\System32\ntoskrnl.exe cf. 8:804628a6 0 0 0xe \WINNT\System32\ntoskrnl.exe d0. 8:804628b0 0 0 0xe \WINNT\System32\ntoskrnl.exe d1. 8:804628ba 0 0 0xe \WINNT\System32\ntoskrnl.exe d2. 8:804628c4 0 0 0xe \WINNT\System32\ntoskrnl.exe d3. 8:804628ce 0 0 0xe \WINNT\System32\ntoskrnl.exe d4. 8:804628d8 0 0 0xe \WINNT\System32\ntoskrnl.exe d5. 8:804628e2 0 0 0xe \WINNT\System32\ntoskrnl.exe d6. 8:804628ec 0 0 0xe \WINNT\System32\ntoskrnl.exe d7. 8:804628f6 0 0 0xe \WINNT\System32\ntoskrnl.exe d8. 8:80462900 0 0 0xe \WINNT\System32\ntoskrnl.exe d9. 8:8046290a 0 0 0xe \WINNT\System32\ntoskrnl.exe da. 8:80462914 0 0 0xe \WINNT\System32\ntoskrnl.exe db. 8:8046291e 0 0 0xe \WINNT\System32\ntoskrnl.exe dc. 8:80462928 0 0 0xe \WINNT\System32\ntoskrnl.exe dd. 8:80462932 0 0 0xe \WINNT\System32\ntoskrnl.exe de. 8:8046293c 0 0 0xe \WINNT\System32\ntoskrnl.exe df. 8:80462946 0 0 0xe \WINNT\System32\ntoskrnl.exe e0. 8:80462950 0 0 0xe \WINNT\System32\ntoskrnl.exe e1. 8:8046295a 0 0 0xe \WINNT\System32\ntoskrnl.exe e2. 8:80462964 0 0 0xe \WINNT\System32\ntoskrnl.exe e3. 8:8046296e 0 0 0xe \WINNT\System32\ntoskrnl.exe e4. 8:80462978 0 0 0xe \WINNT\System32\ntoskrnl.exe e5. 8:80462982 0 0 0xe \WINNT\System32\ntoskrnl.exe e6. 8:8046298c 0 0 0xe \WINNT\System32\ntoskrnl.exe e7. 8:80462996 0 0 0xe \WINNT\System32\ntoskrnl.exe e8. 8:804629a0 0 0 0xe \WINNT\System32\ntoskrnl.exe e9. 8:804629aa 0 0 0xe \WINNT\System32\ntoskrnl.exe ea. 8:804629b4 0 0 0xe \WINNT\System32\ntoskrnl.exe eb. 8:804629be 0 0 0xe \WINNT\System32\ntoskrnl.exe ec. 8:804629c8 0 0 0xe \WINNT\System32\ntoskrnl.exe ed. 8:804629d2 0 0 0xe \WINNT\System32\ntoskrnl.exe ee. 8:804629d9 0 0 0xe \WINNT\System32\ntoskrnl.exe ef. 8:804629e0 0 0 0xe \WINNT\System32\ntoskrnl.exe f0. 8:804629e7 0 0 0xe \WINNT\System32\ntoskrnl.exe f1. 8:804629ee 0 0 0xe \WINNT\System32\ntoskrnl.exe f2. 8:804629f5 0 0 0xe \WINNT\System32\ntoskrnl.exe f3. 8:804629fc 0 0 0xe \WINNT\System32\ntoskrnl.exe f4. 8:80462a03 0 0 0xe \WINNT\System32\ntoskrnl.exe f5. 8:80462a0a 0 0 0xe \WINNT\System32\ntoskrnl.exe f6. 8:80462a11 0 0 0xe \WINNT\System32\ntoskrnl.exe f7. 8:80462a18 0 0 0xe \WINNT\System32\ntoskrnl.exe f8. 8:80462a1f 0 0 0xe \WINNT\System32\ntoskrnl.exe f9. 8:80462a26 0 0 0xe \WINNT\System32\ntoskrnl.exe fa. 8:80462a2d 0 0 0xe \WINNT\System32\ntoskrnl.exe fb. 8:80462a34 0 0 0xe \WINNT\System32\ntoskrnl.exe fc. 8:80462a3b 0 0 0xe \WINNT\System32\ntoskrnl.exe fd. 8:80462a42 0 0 0xe \WINNT\System32\ntoskrnl.exe fe. 8:80462a49 0 0 0xe \WINNT\System32\ntoskrnl.exe ff. 8:80462a50 0 0 0xe \WINNT\System32\ntoskrnl.exe GDT Tables: GDT (callgates only): 0x80036000(36000) No. Selector:Offset ParamCount Dpl Type Module PsLoadedModuleList : 0x8046B618(46b618) Loaded System Modules: 1. ntoskrnl.exe<0xFCE28288(1445280)>: BaseAddress: 0x80400000 (400000) EntryPoint: 0x8040CF90 Size: 1702528 Flags: 0xc004000 Checksum: 0x1ac8b7 LoadCount: 1 Unknown1: 0 ImagePath: \WINNT\System32\ntoskrnl.exe 2. hal.dll<0xFCE281E8(14451e0)>: BaseAddress: 0x80062000 (62000) EntryPoint: 0x8006FE30 Size: 66528 Flags: 0xc004000 Checksum: 0x1a78e LoadCount: 1 Unknown1: 0 ImagePath: \WINNT\System32\hal.dll 3. BOOTVID.DLL<0xFCE28168(1445160)>: BaseAddress: 0xF0810000 (7d01000) EntryPoint: 0xF08118B0 Size: 12288 Flags: 0x9004000 Checksum: 0xd8a2 LoadCount: 2 Unknown1: 0 ImagePath: \WINNT\System32\BOOTVID.DLL 4. ACPI.sys<0xFCE280E8(14450e0)>: BaseAddress: 0xFC9F8000 (7d04000) EntryPoint: 0xFCA1C10B Size: 163840 Flags: 0x9004000 Checksum: 0x2d30f LoadCount: 1 Unknown1: 0 ImagePath: ACPI.sys 5. WMILIB.SYS<0xFCE28068(1445060)>: BaseAddress: 0xF09C8000 (7d2c000) EntryPoint: 0xF09C8AA0 Size: 4096 Flags: 0xd004000 Checksum: 0x8bfd LoadCount: 12 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\WMILIB.SYS 6. pci.sys<0xFCE26F88(1443f80)>: BaseAddress: 0xF0400000 (7d2d000) EntryPoint: 0xF040BA88 Size: 61440 Flags: 0x9004000 Checksum: 0x154e3 LoadCount: 1 Unknown1: 0 ImagePath: pci.sys 7. isapnp.sys<0xFCE26F08(1443f00)>: BaseAddress: 0xF0410000 (7d3c000) EntryPoint: 0xF0419A80 Size: 49152 Flags: 0x9004000 Checksum: 0x15782 LoadCount: 1 Unknown1: 0 ImagePath: isapnp.sys 8. ohci1394.sys<0xFCE26E88(1443e80)>: BaseAddress: 0xF0420000 (7d48000) EntryPoint: 0xF04273E0 Size: 40960 Flags: 0x9004000 Checksum: 0xd649 LoadCount: 1 Unknown1: 0 ImagePath: ohci1394.sys 9. 1394BUS.SYS<0xFCE26DE8(1443de0)>: BaseAddress: 0xF0430000 (7d52000) EntryPoint: 0xF0435360 Size: 45056 Flags: 0xd004000 Checksum: 0x111a7 LoadCount: 2 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\1394BUS.SYS 10. compbatt.sys<0xFCE26D68(1443d60)>: BaseAddress: 0xF0814000 (7d5d000) EntryPoint: 0xF0815900 Size: 12288 Flags: 0x9004000 Checksum: 0x63b9 LoadCount: 1 Unknown1: 0 ImagePath: compbatt.sys 11. BATTC.SYS<0xFCE27FA8(1444fa0)>: BaseAddress: 0xF0900000 (7da0000) EntryPoint: 0xF0900700 Size: 8192 Flags: 0xd004000 Checksum: 0xba7c LoadCount: 3 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\BATTC.SYS 12. PCIIde.sys<0xFCE27F48(1444f40)>: BaseAddress: 0xF09C9000 (7d62000) EntryPoint: 0xF09C92C0 Size: 4096 Flags: 0x9004000 Checksum: 0xfff0 LoadCount: 1 Unknown1: 0 ImagePath: PCIIde.sys 13. PCIIDEX.SYS<0xFCE27EC8(1444ec0)>: BaseAddress: 0xF0680000 (7d63000) EntryPoint: 0xF0683E70 Size: 24576 Flags: 0xd004000 Checksum: 0xbafb LoadCount: 3 Unknown1: 0 ImagePath: \WINNT\System32\Drivers\PCIIDEX.SYS 14. intelide.sys<0xFCE27E48(1444e40)>: BaseAddress: 0xF09CA000 (7d69000) EntryPoint: 0xF09CA2C0 Size: 4096 Flags: 0x9004000 Checksum: 0x3b0a LoadCount: 1 Unknown1: 0 ImagePath: intelide.sys 15. pcmcia.sys<0xFCE27DA8(1444da0)>: BaseAddress: 0xFC9DD000 (7d6a000) EntryPoint: 0xFC9F4A1C Size: 110592 Flags: 0x9004000 Checksum: 0x293f1 LoadCount: 1 Unknown1: 0 ImagePath: pcmcia.sys 16. ftdisk.sys<0xFCE27D28(1444d20)>: BaseAddress: 0xFC9C0000 (7d85000) EntryPoint: 0xFC9D91D8 Size: 118784 Flags: 0x9004000 Checksum: 0x2b963 LoadCount: 1 Unknown1: 0 ImagePath: ftdisk.sys 17. Diskperf.sys<0xFCE25008(1442000)>: BaseAddress: 0xF0902000 (7da2000) EntryPoint: 0xF09032C0 Size: 8192 Flags: 0x9004000 Checksum: 0xeef0 LoadCount: 1 Unknown1: 0 ImagePath: Diskperf.sys 18. dmio.sys<0xFCE25FA8(1442fa0)>: BaseAddress: 0xFC99E000 (7da4000) EntryPoint: 0xFC9A0824 Size: 139264 Flags: 0x9004000 Checksum: 0x30f8e LoadCount: 1 Unknown1: 0 ImagePath: dmio.sys 19. sbp2port.sys<0xFCE25F28(1442f20)>: BaseAddress: 0xF0440000 (7dc6000) EntryPoint: 0xF0446480 Size: 36864 Flags: 0x9004000 Checksum: 0xfd87 LoadCount: 1 Unknown1: 0 ImagePath: sbp2port.sys 20. ACPIEC.sys<0xFCE25E88(1442e80)>: BaseAddress: 0xF0818000 (7dcf000) EntryPoint: 0xF081A280 Size: 12288 Flags: 0x9004000 Checksum: 0x57c2 LoadCount: 1 Unknown1: 0 ImagePath: ACPIEC.sys 21. PartMgr.sys<0xFCE25E08(1442e00)>: BaseAddress: 0xF081C000 (7dd2000) EntryPoint: 0xF081E040 Size: 12288 Flags: 0x9004000 Checksum: 0x742c LoadCount: 1 Unknown1: 0 ImagePath: PartMgr.sys 22. MountMgr.sys<0xFCE25D88(1442d80)>: BaseAddress: 0xF0688000 (7dd5000) EntryPoint: 0xF068E160 Size: 32768 Flags: 0x9004000 Checksum: 0xe831 LoadCount: 1 Unknown1: 0 ImagePath: MountMgr.sys 23. atapi.sys<0xFCE25CE8(1442ce0)>: BaseAddress: 0xFC989000 (7ddd000) EntryPoint: 0xFC99B5BA Size: 86016 Flags: 0x9004000 Checksum: 0x1ad3f LoadCount: 1 Unknown1: 0 ImagePath: atapi.sys 24. va32w2.sys<0xFCE25C68(1442c60)>: BaseAddress: 0xF0690000 (7df2000) EntryPoint: 0xF0693FCE Size: 28672 Flags: 0x9004000 Checksum: 0x9158 LoadCount: 1 Unknown1: 0 ImagePath: va32w2.sys 25. SCSIPORT.SYS<0xFCE25BE8(1442be0)>: BaseAddress: 0xFC977000 (7df9000) EntryPoint: 0xFC9868BC Size: 73728 Flags: 0xd004000 Checksum: 0x162c6 LoadCount: 3 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\SCSIPORT.SYS 26. va16w2.sys<0xFCE25B48(1442b40)>: BaseAddress: 0xF0698000 (7e0b000) EntryPoint: 0xF069B246 Size: 20480 Flags: 0x9004000 Checksum: 0x10d4e LoadCount: 1 Unknown1: 0 ImagePath: va16w2.sys 27. disk.sys<0xFCE25AC8(1442ac0)>: BaseAddress: 0xF06A0000 (7e10000) EntryPoint: 0xF06A5120 Size: 28672 Flags: 0x9004000 Checksum: 0x11fe4 LoadCount: 1 Unknown1: 0 ImagePath: disk.sys 28. CLASSPNP.SYS<0xFCE25A48(1442a40)>: BaseAddress: 0xF0450000 (7e17000) EntryPoint: 0xF04570A0 Size: 36864 Flags: 0xd004000 Checksum: 0xa231 LoadCount: 3 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\CLASSPNP.SYS 29. Fastfat.sys<0xFCE259A8(14429a0)>: BaseAddress: 0xFC954000 (7e60000) EntryPoint: 0xFC972806 Size: 143360 Flags: 0x9004000 Checksum: 0x2d073 LoadCount: 1 Unknown1: 0 ImagePath: Fastfat.sys 30. KSecDD.sys<0xFCE25928(1442920)>: BaseAddress: 0xFC943000 (7e43000) EntryPoint: 0xFC9528BE Size: 69632 Flags: 0x9004000 Checksum: 0x15d45 LoadCount: 4 Unknown1: 0 ImagePath: KSecDD.sys 31. NDIS.sys<0xFCE258A8(14428a0)>: BaseAddress: 0xFC91B000 (7e54000) EntryPoint: 0xFC93FF1E Size: 163840 Flags: 0x9004000 Checksum: 0x373fe LoadCount: 13 Unknown1: 0 ImagePath: NDIS.sys 32. NaiFsRec.sys<0xFCE25828(1442820)>: BaseAddress: 0xF0904000 (7e7c000) EntryPoint: 0xF090494E Size: 8192 Flags: 0x1004000 Checksum: 0xd391 LoadCount: 1 Unknown1: 0 ImagePath: NaiFsRec.sys 33. Mup.sys<0xFCE25788(1442780)>: BaseAddress: 0xFC905000 (7e7e000) EntryPoint: 0xFC90AB04 Size: 90112 Flags: 0x9004000 Checksum: 0x1f266 LoadCount: 1 Unknown1: 0 ImagePath: Mup.sys 34. VIDEOPRT.SYS<0xFCD26EA8(1343ea0)>: BaseAddress: 0xF0480000 (2260000) EntryPoint: 0xF048A800 Size: 53248 Flags: 0x9104000 Checksum: 0x1a5d2 LoadCount: 3 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS 35. i81xnt5.sys<0xFCD81328(139e320)>: BaseAddress: 0xFC8B2000 (219e000) EntryPoint: 0xFC8B22E0 Size: 139264 Flags: 0x9104000 Checksum: 0x26d86 LoadCount: 1 Unknown1: 86 ImagePath: \SystemRoot\System32\DRIVERS\i81xnt5.sys 36. PxHelper.sys<0xFCD26968(1343960)>: BaseAddress: 0xF087C000 (220d000) EntryPoint: 0xF087D3D8 Size: 12288 Flags: 0x1104000 Checksum: 0x95bd LoadCount: 1 Unknown1: 0 ImagePath: \??\C:\WINNT\System32\drivers\PxHelper.sys 37. cdrom.sys<0xFCD26348(1343340)>: BaseAddress: 0xF06D0000 (2211000) EntryPoint: 0xF06D5980 Size: 28672 Flags: 0x9104000 Checksum: 0x9f9f LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\cdrom.sys 38. e100bnt5.sys<0xFCD446E8(13616e0)>: BaseAddress: 0xFC898000 (21fa000) EntryPoint: 0xFC89B7B8 Size: 106496 Flags: 0x9104000 Checksum: 0x222a9 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\e100bnt5.sys 39. i8042prt.sys<0xFCD441A8(13611a0)>: BaseAddress: 0xF0490000 (2254000) EntryPoint: 0xF0498000 Size: 49152 Flags: 0x9104000 Checksum: 0xc15a LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\i8042prt.sys 40. kbdclass.sys<0xFCD80B88(139db80)>: BaseAddress: 0xF06E0000 (22a2000) EntryPoint: 0xF06E3E64 Size: 24576 Flags: 0x9104000 Checksum: 0xe259 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\kbdclass.sys 41. Apfiltr.sys<0xFCDC4768(13e1760)>: BaseAddress: 0xF04A0000 (2288000) EntryPoint: 0xF04A8F80 Size: 40960 Flags: 0x9104000 Checksum: 0xa904 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\Apfiltr.sys 42. mouclass.sys<0xFCDC4448(13e1440)>: BaseAddress: 0xF06F0000 (2293000) EntryPoint: 0xF06F34E4 Size: 24576 Flags: 0x9104000 Checksum: 0x7e78 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\mouclass.sys 43. CmBatt.sys<0xFCD25E68(1342e60)>: BaseAddress: 0xF088C000 (229d000) EntryPoint: 0xF088DBA0 Size: 12288 Flags: 0x9104000 Checksum: 0x2bdd LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\CmBatt.sys 44. SonyPI.sys<0xFCD25148(1342140)>: BaseAddress: 0xF04B0000 (22e1000) EntryPoint: 0xF04B785C Size: 36864 Flags: 0x1104000 Checksum: 0x14b69 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\SonyPI.sys 45. SonyNC.sys<0xFCD24888(1341880)>: BaseAddress: 0xF06F8000 (22d4000) EntryPoint: 0xF06FBE72 Size: 20480 Flags: 0x1104000 Checksum: 0x1ab68 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\SonyNC.sys 46. serial.sys<0xFCD241A8(13411a0)>: BaseAddress: 0xF04C0000 (22fd000) EntryPoint: 0xF04CA300 Size: 65536 Flags: 0x9104000 Checksum: 0x11703 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\serial.sys 47. serenum.sys<0xFCD7FFA8(139cfa0)>: BaseAddress: 0xF089C000 (230e000) EntryPoint: 0xF089E9C0 Size: 16384 Flags: 0x9104000 Checksum: 0x1105e LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\serenum.sys 48. parport.sys<0xFCD7E008(139b000)>: BaseAddress: 0xF0710000 (231f000) EntryPoint: 0xF07104A2 Size: 28672 Flags: 0x9104000 Checksum: 0xeedd LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\parport.sys 49. fdc.sys<0xFCD7E988(139b980)>: BaseAddress: 0xF0720000 (1) EntryPoint: 0xF0724F30 Size: 28672 Flags: 0x9104000 Checksum: 0x1553c LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\fdc.sys 50. USBD.SYS<0xFCD7DEA8(139aea0)>: BaseAddress: 0xF0740000 (2358000) EntryPoint: 0xF0740300 Size: 20480 Flags: 0x9104000 Checksum: 0x5465 LoadCount: 3 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\USBD.SYS 51. uhcd.sys<0xFCD7E0C8(139b0c0)>: BaseAddress: 0xF0730000 (2350000) EntryPoint: 0xF07302E0 Size: 32768 Flags: 0x9104000 Checksum: 0x11484 LoadCount: 1 Unknown1: 85 ImagePath: \SystemRoot\System32\DRIVERS\uhcd.sys 52. KS.SYS<0xFCDC08C8(13dd8c0)>: BaseAddress: 0xFC80B000 (24cd000) EntryPoint: 0xFC826060 Size: 122880 Flags: 0x9104000 Checksum: 0x2d626 LoadCount: 5 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\KS.SYS 53. portcls.sys<0xFCDC0B68(13ddb60)>: BaseAddress: 0xFC829000 (2487000) EntryPoint: 0xFC83F87C Size: 151552 Flags: 0x9104000 Checksum: 0x30ed1 LoadCount: 1 Unknown1: 75 ImagePath: \SystemRoot\system32\drivers\portcls.sys 54. smwdm.sys<0xFCDC0E08(13dde00)>: BaseAddress: 0xFC84E000 (23bd000) EntryPoint: 0xFC88BE78 Size: 303104 Flags: 0x9104000 Checksum: 0x580c3 LoadCount: 1 Unknown1: 112 ImagePath: \SystemRoot\system32\drivers\smwdm.sys 55. rksample.sys<0xFCDBFF08(13dcf00)>: BaseAddress: 0xF04D0000 (24f0000) EntryPoint: 0xF04DBE18 Size: 57344 Flags: 0x9104000 Checksum: 0x2434c LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\rksample.sys 56. winachsf.sys<0xFCDBFAC8(13dcac0)>: BaseAddress: 0xFC715000 (259e000) EntryPoint: 0xFC77AFC0 Size: 450560 Flags: 0x9104000 Checksum: 0x9726c LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\winachsf.sys 57. Modem.SYS<0xFCDBF6C8(13dc6c0)>: BaseAddress: 0xF0768000 (268c000) EntryPoint: 0xF076D6EA Size: 28672 Flags: 0x9104000 Checksum: 0x16f4a LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Modem.SYS 58. audstub.sys<0xFCDBEA88(13dba80)>: BaseAddress: 0xF0A45000 (2720000) EntryPoint: 0xF0A45500 Size: 4096 Flags: 0x9104000 Checksum: 0x8ef7 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\audstub.sys 59. rasl2tp.sys<0xFCD42AA8(135faa0)>: BaseAddress: 0xF04E0000 (26c5000) EntryPoint: 0xF04EB2A0 Size: 53248 Flags: 0x9104000 Checksum: 0x10dac LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\rasl2tp.sys 60. ndistapi.sys<0xFCD23E08(1340e00)>: BaseAddress: 0xF08A8000 (26d6000) EntryPoint: 0xF08A96E2 Size: 12288 Flags: 0x9104000 Checksum: 0xe062 LoadCount: 2 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\ndistapi.sys 61. ndiswan.sys<0xFCD23848(1340840)>: BaseAddress: 0xFC6FE000 (26ba000) EntryPoint: 0xFC711180 Size: 94208 Flags: 0x9104000 Checksum: 0x24edb LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\ndiswan.sys 62. TDI.SYS<0xFCD7AEE8(1397ee0)>: BaseAddress: 0xF08B8000 (2761000) EntryPoint: 0xF08B87D0 Size: 16384 Flags: 0x9104000 Checksum: 0x1329d LoadCount: 10 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\TDI.SYS 63. raspptp.sys<0xFCD7B8E8(13988e0)>: BaseAddress: 0xF04F0000 (26f5000) EntryPoint: 0xF04FA6C0 Size: 49152 Flags: 0x9104000 Checksum: 0xe275 LoadCount: 1 Unknown1: 84 ImagePath: \SystemRoot\System32\DRIVERS\raspptp.sys 64. ptilink.sys<0xFCD7A328(1397320)>: BaseAddress: 0xF0788000 (274c000) EntryPoint: 0xF07882E0 Size: 20480 Flags: 0x9104000 Checksum: 0xf2be LoadCount: 2 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\ptilink.sys 65. raspti.sys<0xFCDBD888(13da880)>: BaseAddress: 0xF0798000 (2738000) EntryPoint: 0xF079B240 Size: 20480 Flags: 0x9104000 Checksum: 0xfed0 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\raspti.sys 66. SonyiNet.sys<0xFCDBD2E8(13da2e0)>: BaseAddress: 0xF07A8000 (2766000) EntryPoint: 0xF07A8414 Size: 28672 Flags: 0x9104000 Checksum: 0x10386 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\SonyiNet.sys 67. parallel.sys<0xFCD79E68(1396e60)>: BaseAddress: 0xF0500000 (278d000) EntryPoint: 0xF0502BBE Size: 61440 Flags: 0x9104000 Checksum: 0x16ad6 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\parallel.sys 68. swenum.sys<0xFCD79548(1396540)>: BaseAddress: 0xF0A48000 (27a8000) EntryPoint: 0xF0A486A0 Size: 4096 Flags: 0x9104000 Checksum: 0x7716 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\swenum.sys 69. update.sys<0xFCD78E68(1395e60)>: BaseAddress: 0xFC6E4000 (2840000) EntryPoint: 0xFC6FCE60 Size: 106496 Flags: 0x9104000 Checksum: 0x209d8 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\update.sys 70. flpydisk.sys<0xFCD35668(1352660)>: BaseAddress: 0xF07C8000 (27db000) EntryPoint: 0xF07CBBA0 Size: 20480 Flags: 0x9104000 Checksum: 0xf1a2 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\flpydisk.sys 71. usbhub.sys<0xFCD31648(134e640)>: BaseAddress: 0xF0540000 (2842000) EntryPoint: 0xF0540372 Size: 40960 Flags: 0x9104000 Checksum: 0xaef8 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\usbhub.sys 72. NDProxy.SYS<0xFCD1E7C8(133b7c0)>: BaseAddress: 0xF0550000 (287e000) EntryPoint: 0xF0558720 Size: 40960 Flags: 0x9104000 Checksum: 0x121c3 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\NDProxy.SYS 73. SonyUSBL.sys<0xFCD682E8(13852e0)>: BaseAddress: 0xF0912000 (28ff000) EntryPoint: 0xF09122C0 Size: 8192 Flags: 0x9104000 Checksum: 0xf068 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\SonyUSBL.sys 74. USBSTOR.SYS<0xFCCF6D28(1313d20)>: BaseAddress: 0xF07D8000 (2942000) EntryPoint: 0xF07D9CA0 Size: 20480 Flags: 0x9104000 Checksum: 0x10fba LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\USBSTOR.SYS 75. Fs_Rec.SYS<0xFCD64968(1381960)>: BaseAddress: 0xF0916000 (296a000) EntryPoint: 0xF0917294 Size: 8192 Flags: 0x9104000 Checksum: 0xab4c LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Fs_Rec.SYS 76. Null.SYS<0xFCCF3988(1310980)>: BaseAddress: 0xF0A4C000 (1) EntryPoint: 0xF0A4C47A Size: 4096 Flags: 0x9104000 Checksum: 0x23ce LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Null.SYS 77. Beep.SYS<0xFCD63008(1380000)>: BaseAddress: 0xF0A4F000 (2979000) EntryPoint: 0xF0A4F29A Size: 4096 Flags: 0x9104000 Checksum: 0xc54f LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Beep.SYS 78. biosview.sys<0xFCD63F48(1380f40)>: BaseAddress: 0xF091A000 (297c000) EntryPoint: 0xF091A2E2 Size: 8192 Flags: 0x9104000 Checksum: 0x76f0 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\biosview.sys 79. vga.sys<0xFCD634E8(13804e0)>: BaseAddress: 0xF08D4000 (297e000) EntryPoint: 0xF08D6C40 Size: 16384 Flags: 0x9104000 Checksum: 0x1047d LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\drivers\vga.sys 80. mnmdd.SYS<0xFCD63428(1380420)>: BaseAddress: 0xF0A50000 (29c2000) EntryPoint: 0xF0A503A0 Size: 4096 Flags: 0x9104000 Checksum: 0xf6c2 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\mnmdd.SYS 81. Msfs.SYS<0xFCD62AC8(137fac0)>: BaseAddress: 0xF07F8000 (29a8000) EntryPoint: 0xF07FBEDA Size: 24576 Flags: 0x9104000 Checksum: 0xe5fa LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Msfs.SYS 82. Npfs.SYS<0xFCCF29A8(130f9a0)>: BaseAddress: 0xF0560000 (2993000) EntryPoint: 0xF056790E Size: 36864 Flags: 0x9104000 Checksum: 0x17e60 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Npfs.SYS 83. UdfReadr.SYS<0xFCD61FA8(137efa0)>: BaseAddress: 0xF8371000 (29dc000) EntryPoint: 0xF8372722 Size: 208896 Flags: 0x1004000 Checksum: 0x38b5d LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\UdfReadr.SYS 84. rasacd.sys<0xFCCF0008(130d000)>: BaseAddress: 0xF0922000 (2a32000) EntryPoint: 0xF0923493 Size: 8192 Flags: 0x9104000 Checksum: 0xf369 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\rasacd.sys 85. tcpip.sys<0xFCCF0508(130d500)>: BaseAddress: 0xF82E8000 (2a77000) EntryPoint: 0xF832E4CA Size: 323584 Flags: 0x9104000 Checksum: 0x56824 LoadCount: 3 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\tcpip.sys 86. msgpc.sys<0xFCCB1228(12ce220)>: BaseAddress: 0xF0570000 (2b0d000) EntryPoint: 0xF05702E0 Size: 36864 Flags: 0x9104000 Checksum: 0x17874 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\msgpc.sys 87. netbt.sys<0xFCCA9B48(12c6b40)>: BaseAddress: 0xF82C4000 (2b62000) EntryPoint: 0xF82E3F2E Size: 147456 Flags: 0x9104000 Checksum: 0x282d2 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\netbt.sys 88. wanarp.sys<0xFCCA6D88(12c3d80)>: BaseAddress: 0xF06B0000 (2b6b000) EntryPoint: 0xF06B6266 Size: 32768 Flags: 0x9104000 Checksum: 0x9122 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\wanarp.sys 89. netbios.sys<0xFCCA61A8(12c31a0)>: BaseAddress: 0xF0580000 (2b74000) EntryPoint: 0xF0586E20 Size: 36864 Flags: 0x9104000 Checksum: 0xb5c1 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\netbios.sys 90. rdbss.sys<0xFCCB1A28(12cea20)>: BaseAddress: 0xF82A2000 (2bd4000) EntryPoint: 0xF82BFF20 Size: 139264 Flags: 0x9104000 Checksum: 0x2c2a9 LoadCount: 2 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\rdbss.sys 91. mrxsmb.sys<0xFCC966A8(12b36a0)>: BaseAddress: 0xF8232000 (2c4e000) EntryPoint: 0xF8254DD6 Size: 385024 Flags: 0x9104000 Checksum: 0x69eb4 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\mrxsmb.sys 92. dump_WMILIB.SYS<0xFCC78E48(1295e40)>: BaseAddress: 0xF0A9C000 (33cb000) EntryPoint: 0xF0A9CAA0 Size: 4096 Flags: 0x9104000 Checksum: 0x8bfd LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\dump_WMILIB.SYS 93. dump_atapi.sys<0xFCC8E288(12ab280)>: BaseAddress: 0xF81F5000 (3355000) EntryPoint: 0xF82075BA Size: 86016 Flags: 0x9104000 Checksum: 0x1ad3f LoadCount: 1 Unknown1: 87 ImagePath: \SystemRoot\System32\Drivers\dump_atapi.sys 94. win32k.sys<0xFCC6EC28(128bc20)>: BaseAddress: 0xA0000000 (4156000) EntryPoint: 0xA0194C37 Size: 1728512 Flags: 0x9104000 Checksum: 0x1b02d1 LoadCount: 1 Unknown1: 0 ImagePath: \??\C:\WINNT\system32\win32k.sys 95. Vchnt5.DLL<0xFCC65EA8(1282ea0)>: BaseAddress: 0xFC793000 (34d9000) EntryPoint: 0xFC793300 Size: 12288 Flags: 0x9104000 Checksum: 0xfa01 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\Vchnt5.DLL 96. Ch7xxNT5.DLL<0xFCC657C8(12827c0)>: BaseAddress: 0xFC78B000 (1) EntryPoint: 0xFC78B300 Size: 16384 Flags: 0x9104000 Checksum: 0xb9b7 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\Ch7xxNT5.DLL 97. SiInt5.DLL<0xFCC654C8(12824c0)>: BaseAddress: 0xF0AA1000 (1) EntryPoint: 0xF0AA12E0 Size: 4096 Flags: 0x9104000 Checksum: 0x10943 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\SiInt5.DLL 98. atv01nt5.DLL<0xFCC64948(1281940)>: BaseAddress: 0xF0770000 (1) EntryPoint: 0xF0770300 Size: 24576 Flags: 0x9104000 Checksum: 0x6ccb LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\atv01nt5.DLL 99. adv01nt5.DLL<0xFCC63E08(1280e00)>: BaseAddress: 0xF0930000 (1) EntryPoint: 0xF09302E0 Size: 8192 Flags: 0x9104000 Checksum: 0xa1f2 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\adv01nt5.DLL 100. atv02nt5.DLL<0xFCC636C8(12806c0)>: BaseAddress: 0xFC783000 (1) EntryPoint: 0xFC783300 Size: 12288 Flags: 0x9104000 Checksum: 0x4caf LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\atv02nt5.DLL 101. adv02nt5.DLL<0xFCC62F68(127ff60)>: BaseAddress: 0xF0AA4000 (1) EntryPoint: 0xF0AA42E0 Size: 4096 Flags: 0x9104000 Checksum: 0xcef8 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\adv02nt5.DLL 102. atv04nt5.DLL<0xFCC62828(127f820)>: BaseAddress: 0xF0780000 (1) EntryPoint: 0xF0780300 Size: 24576 Flags: 0x9104000 Checksum: 0xced3 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\atv04nt5.DLL 103. adv05nt5.DLL<0xFCC620E8(127f0e0)>: BaseAddress: 0xF0AA7000 (1) EntryPoint: 0xF0AA72E0 Size: 4096 Flags: 0x9104000 Checksum: 0x4c3f LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\adv05nt5.DLL 104. atv06nt5.DLL<0xFCC61D28(127ed20)>: BaseAddress: 0xF08A4000 (1) EntryPoint: 0xF08A4300 Size: 12288 Flags: 0x9104000 Checksum: 0x97ce LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\atv06nt5.DLL 105. i81xdnt5.dll<0xFCC60FA8(127dfa0)>: BaseAddress: 0xF8133000 (458f000) EntryPoint: 0xF8133320 Size: 663552 Flags: 0x9104000 Checksum: 0xa775c LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\i81xdnt5.dll 106. afd.sys<0xFF2886C8(58916c0)>: BaseAddress: 0xF7FFD000 (5a3b000) EntryPoint: 0xF801784A Size: 122880 Flags: 0x9104000 Checksum: 0x2ce34 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\drivers\afd.sys 107. ParVdm.SYS<0xFF280FA8(5bfefa0)>: BaseAddress: 0xF0940000 (1) EntryPoint: 0xF0940900 Size: 8192 Flags: 0x9104000 Checksum: 0x770b LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\ParVdm.SYS 108. amosnt.sys<0xFF271068(5eb0060)>: BaseAddress: 0xF7F8A000 (5f30000) EntryPoint: 0xF7FAAD78 Size: 143360 Flags: 0x9104000 Checksum: 0x3dee3 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\amosnt.sys 109. Aspi32.SYS<0xFF270EE8(6069ee0)>: BaseAddress: 0xF80E3000 (6136000) EntryPoint: 0xF80E348A Size: 16384 Flags: 0x1104000 Checksum: 0xc64f LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Aspi32.SYS 110. fallback.sys<0xFF274848(5dce840)>: BaseAddress: 0xF7E7C000 (6260000) EntryPoint: 0xF7EBF958 Size: 286720 Flags: 0x9104000 Checksum: 0x74577 LoadCount: 1 Unknown1: 1582 ImagePath: \SystemRoot\System32\DRIVERS\fallback.sys 111. fsksnt.sys<0xFCD455E8(13625e0)>: BaseAddress: 0xF7E66000 (6219000) EntryPoint: 0xF7E7A938 Size: 90112 Flags: 0x9104000 Checksum: 0x32482 LoadCount: 1 Unknown1: 1602 ImagePath: \SystemRoot\System32\DRIVERS\fsksnt.sys 112. Ich.sys<0xFF25E2A8(63972a0)>: BaseAddress: 0xF05A0000 (638f000) EntryPoint: 0xF05AC638 Size: 57344 Flags: 0x9104000 Checksum: 0x20e7f LoadCount: 1 Unknown1: 1574 ImagePath: \SystemRoot\System32\DRIVERS\Ich.sys 113. k56nt.sys<0xFF25E628(6397620)>: BaseAddress: 0xF7E06000 (6518000) EntryPoint: 0xF7E62498 Size: 393216 Flags: 0x9104000 Checksum: 0xaf3ad LoadCount: 1 Unknown1: 1646 ImagePath: \SystemRoot\System32\DRIVERS\k56nt.sys 114. wdmaud.sys<0xFF250488(6797480)>: BaseAddress: 0xF7DF3000 (66ca000) EntryPoint: 0xF7DF68B8 Size: 77824 Flags: 0x9104000 Checksum: 0x183eb LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\wdmaud.sys 115. sysaudio.sys<0xFF24EA48(66c5a40)>: BaseAddress: 0xF80C3000 (66bd000) EntryPoint: 0xF80CD340 Size: 49152 Flags: 0x9104000 Checksum: 0xe409 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\sysaudio.sys 116. srv.sys<0xFF22CE68(7aefe60)>: BaseAddress: 0xF7CA4000 (7c64000) EntryPoint: 0xF7CDA0A0 Size: 241664 Flags: 0x9104000 Checksum: 0x3abee LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\srv.sys 117. faxnt.sys<0xFF2316A8(6f2d6a0)>: BaseAddress: 0xF7C73000 (a6f000) EntryPoint: 0xF7CA1B18 Size: 200704 Flags: 0x9104000 Checksum: 0x57808 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\faxnt.sys 118. tonesnt.sys<0xFF224CA8(a41ca0)>: BaseAddress: 0xF7EE2000 (cf1000) EntryPoint: 0xF7EECEB8 Size: 53248 Flags: 0x9104000 Checksum: 0x18925 LoadCount: 1 Unknown1: 35 ImagePath: \SystemRoot\System32\DRIVERS\tonesnt.sys 119. v124nt.sys<0xFF223508(8e6500)>: BaseAddress: 0xF7BD8000 (e8c000) EntryPoint: 0xF7C46698 Size: 471040 Flags: 0x9104000 Checksum: 0xc7564 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\v124nt.sys 120. Cdfs.SYS<0xFF225788(9be780)>: BaseAddress: 0xF7ED2000 (225000) EntryPoint: 0xF7EDF1A0 Size: 61440 Flags: 0x9104000 Checksum: 0x1296d LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Cdfs.SYS 121. ipsec.sys<0xFF29CD68(5273d60)>: BaseAddress: 0xF7AFB000 (3d72000) EntryPoint: 0xF7B0DCE6 Size: 86016 Flags: 0x9104000 Checksum: 0x21cb3 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\ipsec.sys 122. dfrwsdrv.sys<0xFF178B08(4075b00)>: BaseAddress: 0xF0A18000 (3e10000) EntryPoint: 0xF0A18718 Size: 4096 Flags: 0x9104000 Checksum: 0xb8ac LoadCount: 1 Unknown1: 0 ImagePath: \??\c:\winnt\system32\dfrwsdrv.sys 123. kmixer.sys<0xFF1B6D08(5425d00)>: BaseAddress: 0xF771B000 (6bb2000) EntryPoint: 0xF772C1B3 Size: 147456 Flags: 0x9104000 Checksum: 0x2ef53 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\kmixer.sys 124. ATMFD.DLL<0xFF10BE48(464de40)>: BaseAddress: 0xF76D4000 (1) EntryPoint: 0xF76D6E3A Size: 290816 Flags: 0x9104000 Checksum: 0x4f552 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\ATMFD.DLL Unloaded System Modules: 0x80480418 (0x480418) 1. (0x0): BaseAddress: 0x00000000 ImageEnd: 0x00000000 Unknown1: 0x0 Unknown2: 0x0 2. kmixer.sys(0x611ef28): BaseAddress: 0xF79BF000 ImageEnd: 0xF79E3000 Unknown1: 0x6651f7a0 Unknown2: 0x1c56966 3. kmixer.sys(0x1914448): BaseAddress: 0xF7D07000 ImageEnd: 0xF7D2B000 Unknown1: 0x29370d30 Unknown2: 0x1c56966 4. DMusic.sys(0x6914c08): BaseAddress: 0xF8093000 ImageEnd: 0xF80A0000 Unknown1: 0x27466d40 Unknown2: 0x1c56966 5. swmidi.sys(0x5891448): BaseAddress: 0xF80A3000 ImageEnd: 0xF80B0000 Unknown1: 0x2575e440 Unknown2: 0x1c56966 6. VGA.dll(0x127e488): BaseAddress: 0xF81C0000 ImageEnd: 0xF81D5000 Unknown1: 0x170700e0 Unknown2: 0x1c56966 7. i81xdnt5.dll(0x127ede8): BaseAddress: 0xF8133000 ImageEnd: 0xF81D5000 Unknown1: 0x1703f280 Unknown2: 0x1c56966 8. redbook.sys(0x130eda8): BaseAddress: 0xF0590000 ImageEnd: 0xF0599000 Unknown1: 0x13fa2810 Unknown2: 0x1c56966 Drivers: \Driver\WMI<0xFCDF4C30(1411c30)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0xFCDF46D8 DriverInit: 0x80561536 \WINNT\System32\ntoskrnl.exe DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x80512A98 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80512AD8 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x804B1C53 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80512B8C \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80512FB6 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: \Driver\WMI \Driver\KSecDD<0xFCD4C750(1369750)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25928 KSecDD.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC9528BE KSecDD.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xFC94BA3A KSecDD.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC94BA3A KSecDD.sys IRP_MJ_READ: 0xFC94BA3A KSecDD.sys IRP_MJ_WRITE: 0xFC94BA3A KSecDD.sys IRP_MJ_QUERY_INFORMATION: 0xFC94BA3A KSecDD.sys IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC94BA3A KSecDD.sys IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC94BA3A KSecDD.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: KSecDD \Driver\NDIS<0xFCD828F0(139f8f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE258A8 NDIS.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC93FF1E NDIS.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xFC91F196 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC91F196 NDIS.sys IRP_MJ_CLOSE: 0xFC91F196 NDIS.sys IRP_MJ_READ: 0xFC91F196 NDIS.sys IRP_MJ_WRITE: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC91F196 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_EA: 0xFC91F196 NDIS.sys IRP_MJ_SET_EA: 0xFC91F196 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC91F196 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC91F196 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC91F196 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_CLEANUP: 0xFC91F196 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC91F196 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC91F196 NDIS.sys IRP_MJ_POWER: 0xFC91F196 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC91F196 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC91F196 NDIS.sys IRP_MJ_PNP: 0xFC91F196 NDIS.sys AddDevice: 0x00000000 ServiceKeyName: NDIS \Driver\Beep<0xFCD63E70(1380e70)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD63008 \SystemRoot\System32\Drivers\Beep.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF0A4F29A \SystemRoot\System32\Drivers\Beep.SYS DriverStartIo: 0xF0A4F572 \SystemRoot\System32\Drivers\Beep.SYS DriverUnload: 0xF0A4F67E \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_CREATE: 0xF0A4F4C0 \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0A4F50E \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0A4F456 \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0A4F39E \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Beep \Driver\V124<0xFF1F6D10(35cd10)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF223508 \SystemRoot\System32\DRIVERS\v124nt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7C46698 \SystemRoot\System32\DRIVERS\v124nt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7BE3A60 \SystemRoot\System32\DRIVERS\v124nt.sys IRP_MJ_CREATE: 0xF7BE3B00 \SystemRoot\System32\DRIVERS\v124nt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7BE3B00 \SystemRoot\System32\DRIVERS\v124nt.sys IRP_MJ_READ: 0xF7BE3B00 \SystemRoot\System32\DRIVERS\v124nt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: V124 \Driver\Raspti<0xFCDBD6F0(13da6f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBD888 \SystemRoot\System32\DRIVERS\raspti.sys FastIoDispatch: 0x00000000 DriverInit: 0xF079B240 \SystemRoot\System32\DRIVERS\raspti.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: Raspti \Driver\Mouclass<0xFCDC4270(13e1270)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC4448 \SystemRoot\System32\DRIVERS\mouclass.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06F34E4 \SystemRoot\System32\DRIVERS\mouclass.sys DriverStartIo: 0xF06F0C7C \SystemRoot\System32\DRIVERS\mouclass.sys DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF06F058C \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF06F0808 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_READ: 0xF06F0A38 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF06F04F2 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF06F2466 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06F2080 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF06F04B6 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF06F2F92 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_SYSTEM_CONTROL: 0xF06F3270 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF06F1026 \SystemRoot\System32\DRIVERS\mouclass.sys AddDevice: 0xF06F2142 \SystemRoot\System32\DRIVERS\mouclass.sys ServiceKeyName: Mouclass \Driver\Diskperf<0xFCD86970(13a3970)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25008 Diskperf.sys FastIoDispatch: 0x00000000 DriverInit: 0xF09032C0 Diskperf.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0902EC2 Diskperf.sys IRP_MJ_CREATE: 0xF09023B6 Diskperf.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF09022F6 Diskperf.sys IRP_MJ_CLOSE: 0xF09022F6 Diskperf.sys IRP_MJ_READ: 0xF09023CC Diskperf.sys IRP_MJ_WRITE: 0xF09023CC Diskperf.sys IRP_MJ_QUERY_INFORMATION: 0xF09022F6 Diskperf.sys IRP_MJ_SET_INFORMATION: 0xF09022F6 Diskperf.sys IRP_MJ_QUERY_EA: 0xF09022F6 Diskperf.sys IRP_MJ_SET_EA: 0xF09022F6 Diskperf.sys IRP_MJ_FLUSH_BUFFERS: 0xF090268A Diskperf.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF09022F6 Diskperf.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF09022F6 Diskperf.sys IRP_MJ_DIRECTORY_CONTROL: 0xF09022F6 Diskperf.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF09022F6 Diskperf.sys IRP_MJ_DEVICE_CONTROL: 0xF090256E Diskperf.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF09022F6 Diskperf.sys IRP_MJ_SHUTDOWN: 0xF090268A Diskperf.sys IRP_MJ_LOCK_CONTROL: 0xF09022F6 Diskperf.sys IRP_MJ_CLEANUP: 0xF09022F6 Diskperf.sys IRP_MJ_CREATE_MAILSLOT: 0xF09022F6 Diskperf.sys IRP_MJ_QUERY_SECURITY: 0xF09022F6 Diskperf.sys IRP_MJ_SET_SECURITY: 0xF09022F6 Diskperf.sys IRP_MJ_POWER: 0xF0902314 Diskperf.sys IRP_MJ_SYSTEM_CONTROL: 0xF0902DCA Diskperf.sys IRP_MJ_DEVICE_CHANGE: 0xF09022F6 Diskperf.sys IRP_MJ_QUERY_QUOTA: 0xF09022F6 Diskperf.sys IRP_MJ_SET_QUOTA: 0xF09022F6 Diskperf.sys IRP_MJ_PNP: 0xF0902C26 Diskperf.sys AddDevice: 0xF0902AFA Diskperf.sys ServiceKeyName: Diskperf \Driver\Kbdclass<0xFCD809B0(139d9b0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD80B88 \SystemRoot\System32\DRIVERS\kbdclass.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06E3E64 \SystemRoot\System32\DRIVERS\kbdclass.sys DriverStartIo: 0xF06E0D58 \SystemRoot\System32\DRIVERS\kbdclass.sys DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF06E066E \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF06E08EC \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_READ: 0xF06E0B1C \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF06E05D4 \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF06E28EC \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06E2380 \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF06E04B6 \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF06E35E2 \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_SYSTEM_CONTROL: 0xF06E3BFE \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF06E1168 \SystemRoot\System32\DRIVERS\kbdclass.sys AddDevice: 0xF06E2494 \SystemRoot\System32\DRIVERS\kbdclass.sys ServiceKeyName: Kbdclass \Driver\Compbatt<0xFCD308D0(134d8d0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26D68 compbatt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0815900 compbatt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0814DC0 compbatt.sys IRP_MJ_CREATE: 0xF081445C compbatt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF081445C compbatt.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0814DC8 compbatt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0814930 compbatt.sys IRP_MJ_SYSTEM_CONTROL: 0xF0814476 compbatt.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0814872 compbatt.sys AddDevice: 0xF081432E compbatt.sys ServiceKeyName: Compbatt \Driver\NDProxy<0xFCD1E630(133b630)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD1E7C8 \SystemRoot\System32\Drivers\NDProxy.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF0558720 \SystemRoot\System32\Drivers\NDProxy.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF0550506 \SystemRoot\System32\Drivers\NDProxy.SYS IRP_MJ_CREATE: 0xF0550604 \SystemRoot\System32\Drivers\NDProxy.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0550604 \SystemRoot\System32\Drivers\NDProxy.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF055061E \SystemRoot\System32\Drivers\NDProxy.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: NDProxy \Driver\VgaSave<0xFCD63350(1380350)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD634E8 \SystemRoot\System32\drivers\vga.sys FastIoDispatch: 0x00000000 DriverInit: 0xF08D6C40 \SystemRoot\System32\drivers\vga.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04886C4 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: VgaSave \Driver\MountMgr<0xFCD4DD50(136ad50)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25D88 MountMgr.sys FastIoDispatch: 0x00000000 DriverInit: 0xF068E160 MountMgr.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF068C622 MountMgr.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF068C622 MountMgr.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF068DEB6 MountMgr.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0688658 MountMgr.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: MountMgr \Driver\Ptilink<0xFCD7A190(1397190)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7A328 \SystemRoot\System32\DRIVERS\ptilink.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07882E0 \SystemRoot\System32\DRIVERS\ptilink.sys DriverStartIo: 0x00000000 DriverUnload: 0xF07894AC \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_CREATE: 0xF0788E1A \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07890B8 \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_READ: 0xF078930A \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_WRITE: 0xF0789298 \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0789404 \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Ptilink \Driver\SonyUSBL<0xFCD68030(1385030)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD682E8 \SystemRoot\System32\DRIVERS\SonyUSBL.sys FastIoDispatch: 0x00000000 DriverInit: 0xF09122C0 \SystemRoot\System32\DRIVERS\SonyUSBL.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0912308 \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CREATE: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CLOSE: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_READ: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_WRITE: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_INFORMATION: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_INFORMATION: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_EA: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_EA: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_FLUSH_BUFFERS: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_DIRECTORY_CONTROL: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_DEVICE_CONTROL: 0xF091267A \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF091267A \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SHUTDOWN: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_LOCK_CONTROL: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CLEANUP: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CREATE_MAILSLOT: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_SECURITY: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_SECURITY: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_POWER: 0xF0912598 \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SYSTEM_CONTROL: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_DEVICE_CHANGE: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_QUOTA: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_QUOTA: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_PNP: 0xF0912442 \SystemRoot\System32\DRIVERS\SonyUSBL.sys AddDevice: 0xF0912322 \SystemRoot\System32\DRIVERS\SonyUSBL.sys ServiceKeyName: SonyUSBL \Driver\wdmaud<0xFF26D530(5f3a530)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF250488 \SystemRoot\system32\drivers\wdmaud.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7DF68B8 \SystemRoot\system32\drivers\wdmaud.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7DFF56B \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_CREATE: 0xF7DF939D \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7DF883C \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF7DF71A1 \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF7DF8666 \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC80CA6A \SystemRoot\system32\drivers\KS.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC81682C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF7DFE18E \SystemRoot\system32\drivers\wdmaud.sys AddDevice: 0xF7DF6920 \SystemRoot\system32\drivers\wdmaud.sys ServiceKeyName: wdmaud \Driver\ohci1394<0xFCD85AD0(13a2ad0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26E88 ohci1394.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04273E0 ohci1394.sys DriverStartIo: 0xF04215AA ohci1394.sys DriverUnload: 0xF04202C0 ohci1394.sys IRP_MJ_CREATE: 0xF0430300 \WINNT\System32\DRIVERS\1394BUS.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0430300 \WINNT\System32\DRIVERS\1394BUS.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0420D1A ohci1394.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF043031A \WINNT\System32\DRIVERS\1394BUS.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0432EEA \WINNT\System32\DRIVERS\1394BUS.SYS IRP_MJ_SYSTEM_CONTROL: 0xF04276EA ohci1394.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF04364C1 \WINNT\System32\DRIVERS\1394BUS.SYS AddDevice: 0xF0427426 ohci1394.sys ServiceKeyName: ohci1394 \Driver\Aspi32<0xFF270D10(6069d10)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF270EE8 \SystemRoot\System32\Drivers\Aspi32.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF80E348A \SystemRoot\System32\Drivers\Aspi32.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF80E58BC \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_CREATE: 0xF80E3F98 \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF80E43E4 \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF80E3FB2 \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF80E43B2 \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Aspi32 \Driver\SoftFax<0xFF24BD10(66ead10)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF2316A8 \SystemRoot\System32\DRIVERS\faxnt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7CA1B18 \SystemRoot\System32\DRIVERS\faxnt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7C75B10 \SystemRoot\System32\DRIVERS\faxnt.sys IRP_MJ_CREATE: 0xF7C75BB0 \SystemRoot\System32\DRIVERS\faxnt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7C75BB0 \SystemRoot\System32\DRIVERS\faxnt.sys IRP_MJ_READ: 0xF7C75BB0 \SystemRoot\System32\DRIVERS\faxnt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: SoftFax \Driver\isapnp<0xFCD53C90(1370c90)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F08 isapnp.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0419A80 isapnp.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04140E0 isapnp.sys IRP_MJ_CREATE: 0xF0414322 isapnp.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0414322 isapnp.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04142E8 isapnp.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF041337F isapnp.sys IRP_MJ_SYSTEM_CONTROL: 0xF04142E8 isapnp.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0414262 isapnp.sys AddDevice: 0xF04140E4 isapnp.sys ServiceKeyName: isapnp \Driver\atapi<0xFCD4DA50(136aa50)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25CE8 atapi.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC99B5BA atapi.sys DriverStartIo: 0xFC98EC44 atapi.sys DriverUnload: 0xFC998A00 atapi.sys IRP_MJ_CREATE: 0xFC992BFA atapi.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC992BFA atapi.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC992C10 atapi.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC98E6BE atapi.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC992C30 atapi.sys IRP_MJ_SYSTEM_CONTROL: 0xFC998984 atapi.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC998956 atapi.sys AddDevice: 0xFC996D76 atapi.sys ServiceKeyName: atapi \Driver\E100B<0xFCD445B0(13615b0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD446E8 \SystemRoot\System32\DRIVERS\e100bnt5.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC89B7B8 \SystemRoot\System32\DRIVERS\e100bnt5.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: E100B \Driver\K56<0xFF25C6D0(64a76d0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF25E628 \SystemRoot\System32\DRIVERS\k56nt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7E62498 \SystemRoot\System32\DRIVERS\k56nt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7E0E560 \SystemRoot\System32\DRIVERS\k56nt.sys IRP_MJ_CREATE: 0xF7E0E600 \SystemRoot\System32\DRIVERS\k56nt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7E0E600 \SystemRoot\System32\DRIVERS\k56nt.sys IRP_MJ_READ: 0xF7E0E600 \SystemRoot\System32\DRIVERS\k56nt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: K56 \Driver\USBSTOR<0xFCCF6BF0(1313bf0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF6D28 \SystemRoot\System32\DRIVERS\USBSTOR.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF07D9CA0 \SystemRoot\System32\DRIVERS\USBSTOR.SYS DriverStartIo: 0xF07D86AE \SystemRoot\System32\DRIVERS\USBSTOR.SYS DriverUnload: 0xF07D9D06 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_CREATE: 0xF07DBF08 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07DBF08 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_READ: 0xF07DBF22 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_WRITE: 0xF07DBF22 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF07DB486 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF07D8422 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF07D9E40 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_SYSTEM_CONTROL: 0xF07D9F2C \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF07D9F70 \SystemRoot\System32\DRIVERS\USBSTOR.SYS AddDevice: 0xF07D9D0A \SystemRoot\System32\DRIVERS\USBSTOR.SYS ServiceKeyName: USBSTOR \Driver\DFRWSDRV2005<0xFF25D890(639b890)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF178B08 \??\c:\winnt\system32\dfrwsdrv.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0A18718 \??\c:\winnt\system32\dfrwsdrv.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0A18692 \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_CREATE: 0xF0A1840A \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0A1840A \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_READ: 0xF0A1840A \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_WRITE: 0xF0A1840A \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0A18424 \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: DFRWSDRV2005 \Driver\dmio<0xFCD86870(13a3870)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25FA8 dmio.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC9A0824 dmio.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xFC9A0D18 dmio.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC9A0DCC dmio.sys IRP_MJ_READ: 0xFC9A0E4C dmio.sys IRP_MJ_WRITE: 0xFC9A0EA6 dmio.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xFC9A14C6 dmio.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC9A0F90 dmio.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC9A1F3E dmio.sys IRP_MJ_SHUTDOWN: 0xFC9A14C6 dmio.sys IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC9A1ED0 dmio.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC9A18FC dmio.sys AddDevice: 0xFC9A1814 dmio.sys ServiceKeyName: dmio \Driver\RasAcd<0xFCCF0BB0(130dbb0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF0008 \SystemRoot\System32\DRIVERS\rasacd.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0923493 \SystemRoot\System32\DRIVERS\rasacd.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_CLOSE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_READ: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_WRITE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_INFORMATION: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_INFORMATION: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_EA: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_EA: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_FLUSH_BUFFERS: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_DIRECTORY_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_DEVICE_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SHUTDOWN: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_LOCK_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_CLEANUP: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_CREATE_MAILSLOT: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_SECURITY: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_SECURITY: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_POWER: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SYSTEM_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_DEVICE_CHANGE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_QUOTA: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_QUOTA: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: RasAcd \Driver\uhcd<0xFCD7DCD0(139acd0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7E0C8 \SystemRoot\System32\DRIVERS\uhcd.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07302E0 \SystemRoot\System32\DRIVERS\uhcd.sys DriverStartIo: 0xF0731A22 \SystemRoot\System32\DRIVERS\uhcd.sys DriverUnload: 0xF07306FE \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_CREATE: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_SYSTEM_CONTROL: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys AddDevice: 0xF0730702 \SystemRoot\System32\DRIVERS\uhcd.sys ServiceKeyName: uhcd \Driver\audstub<0xFCDBE8F0(13db8f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBEA88 \SystemRoot\System32\DRIVERS\audstub.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0A45500 \SystemRoot\System32\DRIVERS\audstub.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0A454C8 \SystemRoot\System32\DRIVERS\audstub.sys IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0A4542E \SystemRoot\System32\DRIVERS\audstub.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0A453B4 \SystemRoot\System32\DRIVERS\audstub.sys AddDevice: 0xF0A45360 \SystemRoot\System32\DRIVERS\audstub.sys ServiceKeyName: audstub \Driver\Win32k<0xFF29FB30(516db30)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0x00000000 DriverInit: 0xA000A8ED \??\C:\WINNT\system32\win32k.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: \Driver\Win32k \Driver\winachsf<0xFCDBF950(13dc950)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBFAC8 \SystemRoot\System32\DRIVERS\winachsf.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC77AFC0 \SystemRoot\System32\DRIVERS\winachsf.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC776EFC \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_CREATE: 0xFC775890 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC775DBA \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_READ: 0xFC77608A \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_WRITE: 0xFC77611A \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_QUERY_INFORMATION: 0xFC775FF6 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_SET_INFORMATION: 0xFC77605C \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xFC776174 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC7761B4 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC77A636 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xFC775F42 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC77988E \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC77914A \SystemRoot\System32\DRIVERS\winachsf.sys AddDevice: 0xFC7787D4 \SystemRoot\System32\DRIVERS\winachsf.sys ServiceKeyName: winachsf \Driver\swenum<0xFCD793B0(13963b0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD79548 \SystemRoot\System32\DRIVERS\swenum.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0A486A0 \SystemRoot\System32\DRIVERS\swenum.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0A482C0 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_CREATE: 0xF0A485A2 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0A4865C \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0A48606 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0A482E0 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_SYSTEM_CONTROL: 0xF0A482C4 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0A484E2 \SystemRoot\System32\DRIVERS\swenum.sys AddDevice: 0xF0A48476 \SystemRoot\System32\DRIVERS\swenum.sys ServiceKeyName: swenum \Driver\usbhub<0xFCD353D0(13523d0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD31648 \SystemRoot\System32\DRIVERS\usbhub.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0540372 \SystemRoot\System32\DRIVERS\usbhub.sys DriverStartIo: 0x00000000 DriverUnload: 0xF05406B4 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_CREATE: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_SYSTEM_CONTROL: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys AddDevice: 0xF0541168 \SystemRoot\System32\DRIVERS\usbhub.sys ServiceKeyName: usbhub \Driver\Update<0xFCD78CD0(1395cd0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD78E68 \SystemRoot\System32\DRIVERS\update.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC6FCE60 \SystemRoot\System32\DRIVERS\update.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC6E4D36 \SystemRoot\System32\DRIVERS\update.sys IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC6E4C3A \SystemRoot\System32\DRIVERS\update.sys IRP_MJ_SYSTEM_CONTROL: 0xFC6E4D0A \SystemRoot\System32\DRIVERS\update.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC6E45E0 \SystemRoot\System32\DRIVERS\update.sys AddDevice: 0xFC6E4677 \SystemRoot\System32\DRIVERS\update.sys ServiceKeyName: Update \Driver\Ftdisk<0xFCD86C10(13a3c10)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27D28 ftdisk.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC9D91D8 ftdisk.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9CB450 ftdisk.sys IRP_MJ_CREATE: 0xFC9C04D4 ftdisk.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0xFC9C0A2E ftdisk.sys IRP_MJ_WRITE: 0xFC9C0A2E ftdisk.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xFC9C0D7A ftdisk.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC9C9FB2 ftdisk.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC9C86B4 ftdisk.sys IRP_MJ_SHUTDOWN: 0xFC9C0D7A ftdisk.sys IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xFC9C105A ftdisk.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC9C0784 ftdisk.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC9CB45E ftdisk.sys AddDevice: 0x00000000 ServiceKeyName: Ftdisk \Driver\smwdm<0xFCDC0770(13dd770)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC0E08 \SystemRoot\system32\drivers\smwdm.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC88BE78 \SystemRoot\system32\drivers\smwdm.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC83908D \SystemRoot\system32\drivers\portcls.sys IRP_MJ_CREATE: 0xFC88B5C4 \SystemRoot\system32\drivers\smwdm.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC88B5C4 \SystemRoot\system32\drivers\smwdm.sys IRP_MJ_READ: 0xFC8172F6 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_WRITE: 0xFC81733C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xFC817382 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC88B538 \SystemRoot\system32\drivers\smwdm.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0xFC81829A \SystemRoot\system32\drivers\KS.SYS IRP_MJ_SET_SECURITY: 0xFC8182C4 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_POWER: 0xFC8421F6 \SystemRoot\system32\drivers\portcls.sys IRP_MJ_SYSTEM_CONTROL: 0xFC83FA6A \SystemRoot\system32\drivers\portcls.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC83CC7C \SystemRoot\system32\drivers\portcls.sys AddDevice: 0xFC88C000 \SystemRoot\system32\drivers\smwdm.sys ServiceKeyName: smwdm \Driver\Modem<0xFCDBF590(13dc590)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBF6C8 \SystemRoot\System32\Drivers\Modem.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF076D6EA \SystemRoot\System32\Drivers\Modem.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF0769320 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_CREATE: 0xF076A0D6 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF076A15C \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_READ: 0xF076C106 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_WRITE: 0xF076C070 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_QUERY_INFORMATION: 0xF076AC20 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_SET_INFORMATION: 0xF076AC20 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF076AC20 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF076AE08 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF076BF6A \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF076925E \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_SYSTEM_CONTROL: 0xF076A996 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0769563 \SystemRoot\System32\Drivers\Modem.SYS AddDevice: 0xF0769336 \SystemRoot\System32\Drivers\Modem.SYS ServiceKeyName: Modem \Driver\sysaudio<0xFF25B4D0(65b94d0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24EA48 \SystemRoot\system32\drivers\sysaudio.sys FastIoDispatch: 0x00000000 DriverInit: 0xF80CD340 \SystemRoot\system32\drivers\sysaudio.sys DriverStartIo: 0x00000000 DriverUnload: 0xF80CB084 \SystemRoot\system32\drivers\sysaudio.sys IRP_MJ_CREATE: 0xFC817186 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC81739E \SystemRoot\system32\drivers\KS.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0xFC81733C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC818272 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC80CA6A \SystemRoot\system32\drivers\KS.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC81682C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF80CA2A8 \SystemRoot\system32\drivers\sysaudio.sys AddDevice: 0xF80C6C45 \SystemRoot\system32\drivers\sysaudio.sys ServiceKeyName: sysaudio \Driver\Fdc<0xFCD7E7F0(139b7f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7E988 \SystemRoot\System32\DRIVERS\fdc.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0724F30 \SystemRoot\System32\DRIVERS\fdc.sys DriverStartIo: 0xF0722C6E \SystemRoot\System32\DRIVERS\fdc.sys DriverUnload: 0xF07202E0 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_CREATE: 0xF0722518 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0722518 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0722534 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0722572 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0720BA2 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0720408 \SystemRoot\System32\DRIVERS\fdc.sys AddDevice: 0xF07202F8 \SystemRoot\System32\DRIVERS\fdc.sys ServiceKeyName: Fdc \Driver\Rasl2tp<0xFCD42910(135f910)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD42AA8 \SystemRoot\System32\DRIVERS\rasl2tp.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04EB2A0 \SystemRoot\System32\DRIVERS\rasl2tp.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: Rasl2tp \Driver\AmosNT<0xFF271750(5eb0750)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF271068 \SystemRoot\System32\DRIVERS\amosnt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7FAAD78 \SystemRoot\System32\DRIVERS\amosnt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7F8C010 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_CREATE: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_READ: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_WRITE: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: AmosNT \Driver\Ich<0xFF25E170(6397170)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF25E2A8 \SystemRoot\System32\DRIVERS\Ich.sys FastIoDispatch: 0x00000000 DriverInit: 0xF05AC638 \SystemRoot\System32\DRIVERS\Ich.sys DriverStartIo: 0x00000000 DriverUnload: 0xF05A0420 \SystemRoot\System32\DRIVERS\Ich.sys IRP_MJ_CREATE: 0xF05A04C0 \SystemRoot\System32\DRIVERS\Ich.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF05A04C0 \SystemRoot\System32\DRIVERS\Ich.sys IRP_MJ_READ: 0xF05A04C0 \SystemRoot\System32\DRIVERS\Ich.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Ich \Driver\ACPIEC<0xFCDC7B50(13e4b50)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25E88 ACPIEC.sys FastIoDispatch: 0x00000000 DriverInit: 0xF081A280 ACPIEC.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0819B97 ACPIEC.sys IRP_MJ_CREATE: 0xF0819C78 ACPIEC.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0819C78 ACPIEC.sys IRP_MJ_READ: 0xF08182E0 ACPIEC.sys IRP_MJ_WRITE: 0xF08182E0 ACPIEC.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF08183FE ACPIEC.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0819CBE ACPIEC.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF08183BA ACPIEC.sys IRP_MJ_SYSTEM_CONTROL: 0xF08183FE ACPIEC.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF081899A ACPIEC.sys AddDevice: 0xF0818633 ACPIEC.sys ServiceKeyName: ACPIEC \Driver\ParVdm<0xFF279D90(5d1fd90)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF280FA8 \SystemRoot\System32\Drivers\ParVdm.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF0940900 \SystemRoot\System32\Drivers\ParVdm.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF0940712 \SystemRoot\System32\Drivers\ParVdm.SYS IRP_MJ_CREATE: 0xF09404E8 \SystemRoot\System32\Drivers\ParVdm.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF094058A \SystemRoot\System32\Drivers\ParVdm.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF094063E \SystemRoot\System32\Drivers\ParVdm.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: ParVdm \Driver\Fallback<0xFF2749F0(5dce9f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF274848 \SystemRoot\System32\DRIVERS\fallback.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7EBF958 \SystemRoot\System32\DRIVERS\fallback.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7E81070 \SystemRoot\System32\DRIVERS\fallback.sys IRP_MJ_CREATE: 0xF7E81110 \SystemRoot\System32\DRIVERS\fallback.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7E81110 \SystemRoot\System32\DRIVERS\fallback.sys IRP_MJ_READ: 0xF7E81110 \SystemRoot\System32\DRIVERS\fallback.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Fallback \Driver\ACPI_HAL<0xFCDF4D30(1411d30)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0x00000000 DriverInit: 0x8006CEFE \WINNT\System32\hal.dll DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x8006A876 \WINNT\System32\hal.dll IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x8006D016 \WINNT\System32\hal.dll AddDevice: 0x8006CF5A \WINNT\System32\hal.dll ServiceKeyName: \Driver\ACPI_HAL \Driver\serenum<0xFCD7FD50(139cd50)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7FFA8 \SystemRoot\System32\DRIVERS\serenum.sys FastIoDispatch: 0x00000000 DriverInit: 0xF089E9C0 \SystemRoot\System32\DRIVERS\serenum.sys DriverStartIo: 0x00000000 DriverUnload: 0xF089D606 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CREATE: 0xF089C4EA \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CLOSE: 0xF089C4EA \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_READ: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_WRITE: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_INFORMATION: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_INFORMATION: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_EA: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_EA: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_FLUSH_BUFFERS: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_DIRECTORY_CONTROL: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_DEVICE_CONTROL: 0xF089C608 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF089C75C \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SHUTDOWN: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_LOCK_CONTROL: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CLEANUP: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CREATE_MAILSLOT: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_SECURITY: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_SECURITY: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_POWER: 0xF089C8D8 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SYSTEM_CONTROL: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_DEVICE_CHANGE: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_QUOTA: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_QUOTA: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_PNP: 0xF089CDF4 \SystemRoot\System32\DRIVERS\serenum.sys AddDevice: 0xF089CC80 \SystemRoot\System32\DRIVERS\serenum.sys ServiceKeyName: serenum \Driver\PptpMiniport<0xFCD7AD50(1397d50)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7B8E8 \SystemRoot\System32\DRIVERS\raspptp.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04FA6C0 \SystemRoot\System32\DRIVERS\raspptp.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: PptpMiniport \Driver\NetBT<0xFCCA9F30(12c6f30)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCA9B48 \SystemRoot\System32\DRIVERS\netbt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF82E3F2E \SystemRoot\System32\DRIVERS\netbt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF82DFF34 \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_CREATE: 0xF82DCE74 \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF82DD552 \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF82DD5DB \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF82C58FD \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF82DD298 \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF82CBE01 \SystemRoot\System32\DRIVERS\netbt.sys AddDevice: 0x00000000 ServiceKeyName: NetBT \Driver\PCIIde<0xFCDC9270(13e6270)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27F48 PCIIde.sys FastIoDispatch: 0x00000000 DriverInit: 0xF09C92C0 PCIIde.sys DriverStartIo: 0x00000000 DriverUnload: 0xF06841A4 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06840D4 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0680886 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0684088 \WINNT\System32\Drivers\PCIIDEX.SYS AddDevice: 0xF0681BB2 \WINNT\System32\Drivers\PCIIDEX.SYS ServiceKeyName: PCIIde \Driver\va16w2<0xFCD497F0(13667f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25B48 va16w2.sys FastIoDispatch: 0x00000000 DriverInit: 0xF069B246 va16w2.sys DriverStartIo: 0xFC9785E0 \WINNT\System32\DRIVERS\SCSIPORT.SYS DriverUnload: 0xFC982396 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_CREATE: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS AddDevice: 0xFC98232C \WINNT\System32\DRIVERS\SCSIPORT.SYS ServiceKeyName: va16w2 \Driver\Cdrom<0xFCD26210(1343210)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD26348 \SystemRoot\System32\DRIVERS\cdrom.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06D5980 \SystemRoot\System32\DRIVERS\cdrom.sys DriverStartIo: 0xF0452BAF \WINNT\System32\DRIVERS\CLASSPNP.SYS DriverUnload: 0xF0454A1C \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_CREATE: 0xF0456548 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0456548 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_READ: 0xF0450A7F \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_WRITE: 0xF0450A7F \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF04529E3 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04520DB \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0452A77 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_SHUTDOWN: 0xF04529E3 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF045331D \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_SYSTEM_CONTROL: 0xF0456152 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0454AA3 \WINNT\System32\DRIVERS\CLASSPNP.SYS AddDevice: 0xF0454A52 \WINNT\System32\DRIVERS\CLASSPNP.SYS ServiceKeyName: Cdrom \Driver\Tones<0xFF20B930(ee2930)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF224CA8 \SystemRoot\System32\DRIVERS\tonesnt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7EECEB8 \SystemRoot\System32\DRIVERS\tonesnt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7EE2E00 \SystemRoot\System32\DRIVERS\tonesnt.sys IRP_MJ_CREATE: 0xF7EE2EA0 \SystemRoot\System32\DRIVERS\tonesnt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7EE2EA0 \SystemRoot\System32\DRIVERS\tonesnt.sys IRP_MJ_READ: 0xF7EE2EA0 \SystemRoot\System32\DRIVERS\tonesnt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Tones \Driver\kmixer<0xFF175F30(4535f30)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF1B6D08 \SystemRoot\system32\drivers\kmixer.sys FastIoDispatch: 0x00000000 DriverInit: 0xF772C1B3 \SystemRoot\system32\drivers\kmixer.sys DriverStartIo: 0x00000000 DriverUnload: 0xF772E049 \SystemRoot\system32\drivers\kmixer.sys IRP_MJ_CREATE: 0xFC817186 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC81739E \SystemRoot\system32\drivers\KS.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0xFC81733C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC818272 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC80CA6A \SystemRoot\system32\drivers\KS.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC81682C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF772875A \SystemRoot\system32\drivers\kmixer.sys AddDevice: 0xF772C531 \SystemRoot\system32\drivers\kmixer.sys ServiceKeyName: kmixer \Driver\Pcmcia<0xFCD86030(13a3030)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27DA8 pcmcia.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC9F4A1C pcmcia.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9F12B6 pcmcia.sys IRP_MJ_CREATE: 0xFC9DD946 pcmcia.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC9DD946 pcmcia.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC9DD946 pcmcia.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0xFC9DD946 pcmcia.sys IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xFC9DD946 pcmcia.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC9DD946 pcmcia.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9DD946 pcmcia.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC9DD946 pcmcia.sys AddDevice: 0xFC9F0D32 pcmcia.sys ServiceKeyName: Pcmcia \Driver\va32w2<0xFCD49A70(1366a70)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25C68 va32w2.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0693FCE va32w2.sys DriverStartIo: 0xFC9785E0 \WINNT\System32\DRIVERS\SCSIPORT.SYS DriverUnload: 0xFC982396 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_CREATE: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS AddDevice: 0xFC98232C \WINNT\System32\DRIVERS\SCSIPORT.SYS ServiceKeyName: va32w2 \Driver\SNC<0xFCD246F0(13416f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD24888 \SystemRoot\System32\Drivers\SonyNC.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06FBE72 \SystemRoot\System32\Drivers\SonyNC.sys DriverStartIo: 0xF06F8CF5 \SystemRoot\System32\Drivers\SonyNC.sys DriverUnload: 0xF06F8CAE \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_CREATE: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_READ: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_WRITE: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys AddDevice: 0xF06F8D08 \SystemRoot\System32\Drivers\SonyNC.sys ServiceKeyName: SNC \Driver\mnmdd<0xFCD62C10(137fc10)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD63428 \SystemRoot\System32\Drivers\mnmdd.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF0A503A0 \SystemRoot\System32\Drivers\mnmdd.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF04886C4 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: mnmdd \Driver\Tcpip<0xFCCF0370(130d370)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF0508 \SystemRoot\System32\DRIVERS\tcpip.sys FastIoDispatch: 0x00000000 DriverInit: 0xF832E4CA \SystemRoot\System32\DRIVERS\tcpip.sys DriverStartIo: 0x00000000 DriverUnload: 0xF831B604 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CREATE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CLOSE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_READ: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_WRITE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_INFORMATION: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_INFORMATION: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_EA: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_EA: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_FLUSH_BUFFERS: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_DIRECTORY_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_DEVICE_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF82E997F \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SHUTDOWN: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_LOCK_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CLEANUP: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CREATE_MAILSLOT: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_SECURITY: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_SECURITY: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_POWER: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SYSTEM_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_DEVICE_CHANGE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_QUOTA: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_QUOTA: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_PNP: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys AddDevice: 0x00000000 ServiceKeyName: Tcpip \Driver\Wanarp<0xFCCA5D10(12c2d10)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCA6D88 \SystemRoot\System32\DRIVERS\wanarp.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06B6266 \SystemRoot\System32\DRIVERS\wanarp.sys DriverStartIo: 0x00000000 DriverUnload: 0xF06B5C96 \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CREATE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CLOSE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_READ: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_WRITE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_INFORMATION: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_INFORMATION: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_EA: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_EA: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_FLUSH_BUFFERS: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_DIRECTORY_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_DEVICE_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SHUTDOWN: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_LOCK_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CLEANUP: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CREATE_MAILSLOT: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_SECURITY: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_SECURITY: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_POWER: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SYSTEM_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_DEVICE_CHANGE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_QUOTA: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_QUOTA: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_PNP: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys AddDevice: 0x00000000 ServiceKeyName: Wanarp \Driver\PxHelper<0xFCD26750(1343750)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD26968 \??\C:\WINNT\System32\drivers\PxHelper.sys FastIoDispatch: 0x00000000 DriverInit: 0xF087D3D8 \??\C:\WINNT\System32\drivers\PxHelper.sys DriverStartIo: 0x00000000 DriverUnload: 0xF087CA2C \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CREATE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CLOSE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_READ: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_WRITE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_INFORMATION: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_INFORMATION: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_EA: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_EA: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_FLUSH_BUFFERS: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_DIRECTORY_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_DEVICE_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SHUTDOWN: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_LOCK_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CLEANUP: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CREATE_MAILSLOT: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_SECURITY: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_SECURITY: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_POWER: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SYSTEM_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_DEVICE_CHANGE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_QUOTA: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_QUOTA: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_PNP: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys AddDevice: 0xF087CA30 \??\C:\WINNT\System32\drivers\PxHelper.sys ServiceKeyName: PxHelper \Driver\biosview<0xFCD63870(1380870)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD63F48 \SystemRoot\system32\drivers\biosview.sys FastIoDispatch: 0x00000000 DriverInit: 0xF091A2E2 \SystemRoot\system32\drivers\biosview.sys DriverStartIo: 0x00000000 DriverUnload: 0xF091A458 \SystemRoot\system32\drivers\biosview.sys IRP_MJ_CREATE: 0xF091A3E6 \SystemRoot\system32\drivers\biosview.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF091A3E6 \SystemRoot\system32\drivers\biosview.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF091A3E6 \SystemRoot\system32\drivers\biosview.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: biosview \Driver\Rksample<0xFCDBFD90(13dcd90)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBFF08 \SystemRoot\System32\DRIVERS\rksample.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04DBE18 \SystemRoot\System32\DRIVERS\rksample.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04D0E50 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_CREATE: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_READ: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys AddDevice: 0xF04D0EF0 \SystemRoot\System32\DRIVERS\rksample.sys ServiceKeyName: Rksample \Driver\Null<0xFCCF37F0(13107f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF3988 \SystemRoot\System32\Drivers\Null.SYS FastIoDispatch: 0xFCD647A8 DriverInit: 0xF0A4C47A \SystemRoot\System32\Drivers\Null.SYS DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF0A4C360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0A4C360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_READ: 0xF0A4C360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_WRITE: 0xF0A4C360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_QUERY_INFORMATION: 0xF0A4C360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0xF0A4C360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Null \Driver\Disk<0xFCD49690(1366690)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06A5120 disk.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0454A1C \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_CREATE: 0xF0456548 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0456548 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_READ: 0xF0450A7F \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_WRITE: 0xF0450A7F \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF04529E3 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04520DB \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0452A77 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_SHUTDOWN: 0xF04529E3 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF045331D \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_SYSTEM_CONTROL: 0xF0456152 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0454AA3 \WINNT\System32\DRIVERS\CLASSPNP.SYS AddDevice: 0xF0454A52 \WINNT\System32\DRIVERS\CLASSPNP.SYS ServiceKeyName: Disk \Driver\PCI<0xFCDDF230(13fc230)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys FastIoDispatch: 0x00000000 DriverInit: 0xF040BA88 pci.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04073A6 pci.sys IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0400D84 pci.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0400D84 pci.sys IRP_MJ_SYSTEM_CONTROL: 0xF0400D84 pci.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0400D84 pci.sys AddDevice: 0xF0406B90 pci.sys ServiceKeyName: PCI \Driver\sbp2port<0xFCDC8410(13e5410)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25F28 sbp2port.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0446480 sbp2port.sys DriverStartIo: 0xF0444B4E sbp2port.sys DriverUnload: 0xF0440AB6 sbp2port.sys IRP_MJ_CREATE: 0xF0446DB6 sbp2port.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0446DB6 sbp2port.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0446D32 sbp2port.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF04448A8 sbp2port.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0441758 sbp2port.sys IRP_MJ_SYSTEM_CONTROL: 0xF044753C sbp2port.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0440F20 sbp2port.sys AddDevice: 0xF04464D8 sbp2port.sys ServiceKeyName: sbp2port \Driver\IPSEC<0xFF1E5270(3f07270)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF29CD68 \SystemRoot\System32\DRIVERS\ipsec.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7B0DCE6 \SystemRoot\System32\DRIVERS\ipsec.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7AFB30A \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_CREATE: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: IPSEC \Driver\PartMgr<0xFCD4DE50(136ae50)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25E08 PartMgr.sys FastIoDispatch: 0x00000000 DriverInit: 0xF081E040 PartMgr.sys DriverStartIo: 0x00000000 DriverUnload: 0xF081C3BE PartMgr.sys IRP_MJ_CREATE: 0xF081CC80 PartMgr.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF081C2C0 PartMgr.sys IRP_MJ_CLOSE: 0xF081CC80 PartMgr.sys IRP_MJ_READ: 0xF081C2C0 PartMgr.sys IRP_MJ_WRITE: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_INFORMATION: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_INFORMATION: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_EA: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_EA: 0xF081C2C0 PartMgr.sys IRP_MJ_FLUSH_BUFFERS: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF081C2C0 PartMgr.sys IRP_MJ_DIRECTORY_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_DEVICE_CONTROL: 0xF081DB90 PartMgr.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_SHUTDOWN: 0xF081C2C0 PartMgr.sys IRP_MJ_LOCK_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_CLEANUP: 0xF081C2C0 PartMgr.sys IRP_MJ_CREATE_MAILSLOT: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_SECURITY: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_SECURITY: 0xF081C2C0 PartMgr.sys IRP_MJ_POWER: 0xF081C396 PartMgr.sys IRP_MJ_SYSTEM_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_DEVICE_CHANGE: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_QUOTA: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_QUOTA: 0xF081C2C0 PartMgr.sys IRP_MJ_PNP: 0xF081CD20 PartMgr.sys AddDevice: 0xF081CEFA PartMgr.sys ServiceKeyName: PartMgr \Driver\NdisWan<0xFCD236B0(13406b0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD23848 \SystemRoot\System32\DRIVERS\ndiswan.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC711180 \SystemRoot\System32\DRIVERS\ndiswan.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: NdisWan \Driver\NdisTapi<0xFCD23C70(1340c70)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD23E08 \SystemRoot\System32\DRIVERS\ndistapi.sys FastIoDispatch: 0x00000000 DriverInit: 0xF08A96E2 \SystemRoot\System32\DRIVERS\ndistapi.sys DriverStartIo: 0x00000000 DriverUnload: 0xF08A8BD8 \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_CREATE: 0xF08A84DA \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF08A84DA \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF08A84DA \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF08A8376 \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: NdisTapi \Driver\Serial<0xFCD7F030(139c030)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD241A8 \SystemRoot\System32\DRIVERS\serial.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04CA300 \SystemRoot\System32\DRIVERS\serial.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04C5257 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_CREATE: 0xF04C4983 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04C7A49 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_READ: 0xF04C754A \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_WRITE: 0xF04C9D1B \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_QUERY_INFORMATION: 0xF04C4748 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_SET_INFORMATION: 0xF04C573A \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF04C4BDB \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04C6F30 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF04C6BF5 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF04C7C41 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF04C48DD \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_SYSTEM_CONTROL: 0xF04C2800 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF04C2872 \SystemRoot\System32\DRIVERS\serial.sys AddDevice: 0xF04C435C \SystemRoot\System32\DRIVERS\serial.sys ServiceKeyName: Serial \Driver\Gpc<0xFCCAA530(12c7530)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCB1228 \SystemRoot\System32\DRIVERS\msgpc.sys FastIoDispatch: 0x00000000 DriverInit: 0xF05702E0 \SystemRoot\System32\DRIVERS\msgpc.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_CLOSE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_READ: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_WRITE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_INFORMATION: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_INFORMATION: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_EA: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_EA: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_FLUSH_BUFFERS: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_DIRECTORY_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_DEVICE_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SHUTDOWN: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_LOCK_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_CLEANUP: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_CREATE_MAILSLOT: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_SECURITY: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_SECURITY: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_POWER: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SYSTEM_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_DEVICE_CHANGE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_QUOTA: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_QUOTA: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_PNP: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys AddDevice: 0x00000000 ServiceKeyName: Gpc \Driver\ACPI<0xFCE149F0(14319f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys FastIoDispatch: 0xFCA11560 ACPI.sys DriverInit: 0xFCA1C10B ACPI.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9FE758 ACPI.sys IRP_MJ_CREATE: 0xFC9FE52C ACPI.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC9FE52C ACPI.sys IRP_MJ_CLOSE: 0xFC9FE52C ACPI.sys IRP_MJ_READ: 0xFC9FE52C ACPI.sys IRP_MJ_WRITE: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_INFORMATION: 0xFC9FE52C ACPI.sys IRP_MJ_SET_INFORMATION: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_EA: 0xFC9FE52C ACPI.sys IRP_MJ_SET_EA: 0xFC9FE52C ACPI.sys IRP_MJ_FLUSH_BUFFERS: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC9FE52C ACPI.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC9FE52C ACPI.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_DEVICE_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_SHUTDOWN: 0xFC9FE52C ACPI.sys IRP_MJ_LOCK_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_CLEANUP: 0xFC9FE52C ACPI.sys IRP_MJ_CREATE_MAILSLOT: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_SECURITY: 0xFC9FE52C ACPI.sys IRP_MJ_SET_SECURITY: 0xFC9FE52C ACPI.sys IRP_MJ_POWER: 0xFC9FE52C ACPI.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_DEVICE_CHANGE: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_QUOTA: 0xFC9FE52C ACPI.sys IRP_MJ_SET_QUOTA: 0xFC9FE52C ACPI.sys IRP_MJ_PNP: 0xFC9FE52C ACPI.sys AddDevice: 0xFC9FE1FB ACPI.sys ServiceKeyName: ACPI \Driver\PnpManager<0xFCE18EF0(1435ef0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0x00000000 DriverInit: 0x80551D98 \WINNT\System32\ntoskrnl.exe DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x8042890A \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x804E210C \WINNT\System32\ntoskrnl.exe AddDevice: 0x8051DE5C \WINNT\System32\ntoskrnl.exe ServiceKeyName: \Driver\PnpManager \Driver\Parallel<0xFCD79C90(1396c90)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD79E68 \SystemRoot\System32\DRIVERS\parallel.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0502BBE \SystemRoot\System32\DRIVERS\parallel.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0502CFA \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_CREATE: 0xF0503B08 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0503CB4 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_READ: 0xF05093EC \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_WRITE: 0xF05093EC \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_QUERY_INFORMATION: 0xF0504B48 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_SET_INFORMATION: 0xF0504BE4 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0502D5C \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0503106 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0503C30 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0508876 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_SYSTEM_CONTROL: 0xF050CF24 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0507612 \SystemRoot\System32\DRIVERS\parallel.sys AddDevice: 0xF0507EC4 \SystemRoot\System32\DRIVERS\parallel.sys ServiceKeyName: Parallel \Driver\Flpydisk<0xFCD1F430(133c430)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD35668 \SystemRoot\System32\DRIVERS\flpydisk.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07CBBA0 \SystemRoot\System32\DRIVERS\flpydisk.sys DriverStartIo: 0x00000000 DriverUnload: 0xF07C82E0 \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_CREATE: 0xF07C93B8 \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07C93B8 \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_READ: 0xF07C9CCE \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_WRITE: 0xF07C9CCE \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF07C9466 \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF07C9BEE \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF07C991C \SystemRoot\System32\DRIVERS\flpydisk.sys AddDevice: 0xF07C900C \SystemRoot\System32\DRIVERS\flpydisk.sys ServiceKeyName: Flpydisk \Driver\i81x<0xFCD26D70(1343d70)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD81328 \SystemRoot\System32\DRIVERS\i81xnt5.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC8B22E0 \SystemRoot\System32\DRIVERS\i81xnt5.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04886C4 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0485F98 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF048572C \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS AddDevice: 0xF04886F4 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS ServiceKeyName: i81x \Driver\AFD<0xFF287DF0(590ddf0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF2886C8 \SystemRoot\System32\drivers\afd.sys FastIoDispatch: 0xF7FFFC30 \SystemRoot\System32\drivers\afd.sys DriverInit: 0xF801784A \SystemRoot\System32\drivers\afd.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_CLOSE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_READ: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_WRITE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_INFORMATION: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_INFORMATION: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_EA: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_EA: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_FLUSH_BUFFERS: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_DIRECTORY_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_DEVICE_CONTROL: 0xF80002D6 \SystemRoot\System32\drivers\afd.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SHUTDOWN: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_LOCK_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_CLEANUP: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_CREATE_MAILSLOT: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_SECURITY: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_SECURITY: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_POWER: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SYSTEM_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_DEVICE_CHANGE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_QUOTA: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_QUOTA: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_PNP: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys AddDevice: 0x00000000 ServiceKeyName: AFD \Driver\Fsks<0xFF260B30(6363b30)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD455E8 \SystemRoot\System32\DRIVERS\fsksnt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7E7A938 \SystemRoot\System32\DRIVERS\fsksnt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7E68560 \SystemRoot\System32\DRIVERS\fsksnt.sys IRP_MJ_CREATE: 0xF7E68600 \SystemRoot\System32\DRIVERS\fsksnt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7E68600 \SystemRoot\System32\DRIVERS\fsksnt.sys IRP_MJ_READ: 0xF7E68600 \SystemRoot\System32\DRIVERS\fsksnt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Fsks \Driver\Parport<0xFCD7EE70(139be70)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7E008 \SystemRoot\System32\DRIVERS\parport.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07104A2 \SystemRoot\System32\DRIVERS\parport.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0710572 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_CREATE: 0xF0710EF0 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0710F66 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0710850 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF07102E0 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF071334A \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_SYSTEM_CONTROL: 0xF0714B86 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0712914 \SystemRoot\System32\DRIVERS\parport.sys AddDevice: 0xF071289A \SystemRoot\System32\DRIVERS\parport.sys ServiceKeyName: Parport \Driver\IntelIde<0xFCD87030(13a4030)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27E48 intelide.sys FastIoDispatch: 0x00000000 DriverInit: 0xF09CA2C0 intelide.sys DriverStartIo: 0x00000000 DriverUnload: 0xF06841A4 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06840D4 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0680886 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0684088 \WINNT\System32\Drivers\PCIIDEX.SYS AddDevice: 0xF0681BB2 \WINNT\System32\Drivers\PCIIDEX.SYS ServiceKeyName: IntelIde \Driver\ApfiltrService<0xFCDC45D0(13e15d0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC4768 \SystemRoot\System32\DRIVERS\Apfiltr.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04A8F80 \SystemRoot\System32\DRIVERS\Apfiltr.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04A8F74 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CREATE: 0xF04A7C76 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CLOSE: 0xF04A7C76 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_READ: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_WRITE: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_INFORMATION: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_INFORMATION: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_EA: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_EA: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_FLUSH_BUFFERS: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_DIRECTORY_CONTROL: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_DEVICE_CONTROL: 0xF04A7DA6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF04A8B5A \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SHUTDOWN: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_LOCK_CONTROL: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CLEANUP: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CREATE_MAILSLOT: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_SECURITY: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_SECURITY: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_POWER: 0xF04A8EFA \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SYSTEM_CONTROL: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_DEVICE_CHANGE: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_QUOTA: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_QUOTA: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_PNP: 0xF04A8D82 \SystemRoot\System32\DRIVERS\Apfiltr.sys AddDevice: 0xF04A7B20 \SystemRoot\System32\DRIVERS\Apfiltr.sys ServiceKeyName: ApfiltrService \Driver\CmBatt<0xFCD25CD0(1342cd0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD25E68 \SystemRoot\System32\DRIVERS\CmBatt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF088DBA0 \SystemRoot\System32\DRIVERS\CmBatt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF088D340 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_CREATE: 0xF088D344 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF088D344 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF088D3AA \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF088D060 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_SYSTEM_CONTROL: 0xF088D0A4 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF088CE78 \SystemRoot\System32\DRIVERS\CmBatt.sys AddDevice: 0xF088CA18 \SystemRoot\System32\DRIVERS\CmBatt.sys ServiceKeyName: CmBatt \Driver\SPI<0xFCD24F30(1341f30)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD25148 \SystemRoot\System32\Drivers\SonyPI.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04B785C \SystemRoot\System32\Drivers\SonyPI.sys DriverStartIo: 0xF04B0EBD \SystemRoot\System32\Drivers\SonyPI.sys DriverUnload: 0xF04B6720 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_CREATE: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_READ: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_WRITE: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys AddDevice: 0xF04B0ED3 \SystemRoot\System32\Drivers\SonyPI.sys ServiceKeyName: SPI \Driver\iLINKnet<0xFCD22E90(133fe90)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBD2E8 \SystemRoot\System32\DRIVERS\SonyiNet.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07A8414 \SystemRoot\System32\DRIVERS\SonyiNet.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: iLINKnet \Driver\i8042prt<0xFCD80E30(139de30)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD441A8 \SystemRoot\System32\DRIVERS\i8042prt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0498000 \SystemRoot\System32\DRIVERS\i8042prt.sys DriverStartIo: 0xF04906D6 \SystemRoot\System32\DRIVERS\i8042prt.sys DriverUnload: 0xF0495091 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_CREATE: 0xF0493295 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0494F3F \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF0491583 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0494F68 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0490300 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0496695 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_SYSTEM_CONTROL: 0xF04932DA \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0493120 \SystemRoot\System32\DRIVERS\i8042prt.sys AddDevice: 0xF0494E5C \SystemRoot\System32\DRIVERS\i8042prt.sys ServiceKeyName: i8042prt \FileSystem\NetBIOS<0xFCCA62D0(12c32d0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCA61A8 \SystemRoot\System32\DRIVERS\netbios.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0586E20 \SystemRoot\System32\DRIVERS\netbios.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0581676 \SystemRoot\System32\DRIVERS\netbios.sys IRP_MJ_CREATE: 0xF0585D3C \SystemRoot\System32\DRIVERS\netbios.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0585D3C \SystemRoot\System32\DRIVERS\netbios.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0585D3C \SystemRoot\System32\DRIVERS\netbios.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0585D3C \SystemRoot\System32\DRIVERS\netbios.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: NetBIOS \FileSystem\Fastfat<0xFCE11550(142e550)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE259A8 Fastfat.sys FastIoDispatch: 0xFC957220 Fastfat.sys DriverInit: 0xFC972806 Fastfat.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xFC95805E Fastfat.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC958DDA Fastfat.sys IRP_MJ_READ: 0xFC9542E0 Fastfat.sys IRP_MJ_WRITE: 0xFC954482 Fastfat.sys IRP_MJ_QUERY_INFORMATION: 0xFC95DA34 Fastfat.sys IRP_MJ_SET_INFORMATION: 0xFC960D30 Fastfat.sys IRP_MJ_QUERY_EA: 0xFC9683AC Fastfat.sys IRP_MJ_SET_EA: 0xFC96845C Fastfat.sys IRP_MJ_FLUSH_BUFFERS: 0xFC963082 Fastfat.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC9637BE Fastfat.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC972264 Fastfat.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC957EF0 Fastfat.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC95FF78 Fastfat.sys IRP_MJ_DEVICE_CONTROL: 0xFC95F84E Fastfat.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0xFC9711FA Fastfat.sys IRP_MJ_LOCK_CONTROL: 0xFC9704B8 Fastfat.sys IRP_MJ_CLEANUP: 0xFC95B288 Fastfat.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC97092E Fastfat.sys AddDevice: 0x00000000 ServiceKeyName: Fastfat \FileSystem\Rdbss<0xFCCB1AB0(12ceab0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCB1A28 \SystemRoot\System32\DRIVERS\rdbss.sys FastIoDispatch: 0xF82A9760 \SystemRoot\System32\DRIVERS\rdbss.sys DriverInit: 0xF82BFF20 \SystemRoot\System32\DRIVERS\rdbss.sys DriverStartIo: 0x00000000 DriverUnload: 0xF82BA154 \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_CREATE: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_CLOSE: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_READ: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_WRITE: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_QUERY_INFORMATION: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SET_INFORMATION: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_QUERY_EA: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SET_EA: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_FLUSH_BUFFERS: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_DIRECTORY_CONTROL: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_DEVICE_CONTROL: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SHUTDOWN: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_LOCK_CONTROL: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_CLEANUP: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_CREATE_MAILSLOT: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_QUERY_SECURITY: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SET_SECURITY: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_POWER: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SYSTEM_CONTROL: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_DEVICE_CHANGE: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_QUERY_QUOTA: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SET_QUOTA: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Rdbss \FileSystem\UdfReadr<0xFCD61E10(137ee10)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD61FA8 \SystemRoot\System32\Drivers\UdfReadr.SYS FastIoDispatch: 0xF8395560 \SystemRoot\System32\Drivers\UdfReadr.SYS DriverInit: 0xF8372722 \SystemRoot\System32\Drivers\UdfReadr.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF8372BAA \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_CREATE: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_CREATE_NAMED_PIPE: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_CLOSE: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_READ: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_WRITE: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_QUERY_INFORMATION: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SET_INFORMATION: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_QUERY_EA: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SET_EA: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_FLUSH_BUFFERS: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SET_VOLUME_INFORMATION: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_DIRECTORY_CONTROL: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_FILE_SYSTEM_CONTROL: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_DEVICE_CONTROL: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SHUTDOWN: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_LOCK_CONTROL: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_CLEANUP: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_CREATE_MAILSLOT: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_QUERY_SECURITY: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SET_SECURITY: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_POWER: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SYSTEM_CONTROL: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_DEVICE_CHANGE: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_QUERY_QUOTA: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SET_QUOTA: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_PNP: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS AddDevice: 0x00000000 ServiceKeyName: UdfReadr \FileSystem\Msfs<0xFCCF2F30(130ff30)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD62AC8 \SystemRoot\System32\Drivers\Msfs.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF07FBEDA \SystemRoot\System32\Drivers\Msfs.SYS DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF07F9740 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07FA834 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_READ: 0xF07F9140 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_WRITE: 0xF07F9478 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_QUERY_INFORMATION: 0xF07FABC4 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_SET_INFORMATION: 0xF07FB7EE \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF07FB09A \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0xF07FB268 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_FILE_SYSTEM_CONTROL: 0xF07FBC4C \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF07FA368 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_CREATE_MAILSLOT: 0xF07F9DAC \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_QUERY_SECURITY: 0xF07FB97C \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_SET_SECURITY: 0xF07FB9FE \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Msfs \FileSystem\MRxSmb<0xFCC96510(12b3510)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC966A8 \SystemRoot\System32\DRIVERS\mrxsmb.sys FastIoDispatch: 0xF82A9760 \SystemRoot\System32\DRIVERS\rdbss.sys DriverInit: 0xF8254DD6 \SystemRoot\System32\DRIVERS\mrxsmb.sys DriverStartIo: 0x00000000 DriverUnload: 0xF8269508 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_CREATE: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_CLOSE: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_READ: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_WRITE: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_QUERY_INFORMATION: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SET_INFORMATION: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_QUERY_EA: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SET_EA: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_FLUSH_BUFFERS: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_DIRECTORY_CONTROL: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_DEVICE_CONTROL: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SHUTDOWN: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_LOCK_CONTROL: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_CLEANUP: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_CREATE_MAILSLOT: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_QUERY_SECURITY: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SET_SECURITY: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_POWER: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SYSTEM_CONTROL: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_DEVICE_CHANGE: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_QUERY_QUOTA: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SET_QUOTA: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_PNP: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys AddDevice: 0x00000000 ServiceKeyName: MRxSmb \FileSystem\Srv<0xFF22C830(7aef830)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF22CE68 \SystemRoot\System32\DRIVERS\srv.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7CDA0A0 \SystemRoot\System32\DRIVERS\srv.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7CC9727 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_CREATE: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_CLOSE: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_READ: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_WRITE: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_QUERY_INFORMATION: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SET_INFORMATION: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_QUERY_EA: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SET_EA: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_FLUSH_BUFFERS: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_DIRECTORY_CONTROL: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_DEVICE_CONTROL: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SHUTDOWN: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_LOCK_CONTROL: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_CLEANUP: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_CREATE_MAILSLOT: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_QUERY_SECURITY: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SET_SECURITY: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_POWER: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SYSTEM_CONTROL: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_DEVICE_CHANGE: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_QUERY_QUOTA: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SET_QUOTA: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_PNP: 0xF7CC1441 \SystemRoot\System32\DRIVERS\srv.sys AddDevice: 0x00000000 ServiceKeyName: Srv \FileSystem\NaiFsRec<0xFCD45790(1362790)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25828 NaiFsRec.sys FastIoDispatch: 0x00000000 DriverInit: 0xF090494E NaiFsRec.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF09043FA NaiFsRec.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF09043FA NaiFsRec.sys IRP_MJ_CLOSE: 0xF09043FA NaiFsRec.sys IRP_MJ_READ: 0xF09043FA NaiFsRec.sys IRP_MJ_WRITE: 0xF09043FA NaiFsRec.sys IRP_MJ_QUERY_INFORMATION: 0xF09043FA NaiFsRec.sys IRP_MJ_SET_INFORMATION: 0xF09043FA NaiFsRec.sys IRP_MJ_QUERY_EA: 0xF09043FA NaiFsRec.sys IRP_MJ_SET_EA: 0xF09043FA NaiFsRec.sys IRP_MJ_FLUSH_BUFFERS: 0xF09043FA NaiFsRec.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF09043FA NaiFsRec.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF09043FA NaiFsRec.sys IRP_MJ_DIRECTORY_CONTROL: 0xF09043FA NaiFsRec.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF09043FA NaiFsRec.sys IRP_MJ_DEVICE_CONTROL: 0xF09043FA NaiFsRec.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF09043FA NaiFsRec.sys IRP_MJ_SHUTDOWN: 0xF09043FA NaiFsRec.sys IRP_MJ_LOCK_CONTROL: 0xF09043FA NaiFsRec.sys IRP_MJ_CLEANUP: 0xF09043FA NaiFsRec.sys IRP_MJ_CREATE_MAILSLOT: 0xF09043FA NaiFsRec.sys IRP_MJ_QUERY_SECURITY: 0xF09043FA NaiFsRec.sys IRP_MJ_SET_SECURITY: 0xF09043FA NaiFsRec.sys IRP_MJ_POWER: 0xF09043FA NaiFsRec.sys IRP_MJ_SYSTEM_CONTROL: 0xF09043FA NaiFsRec.sys IRP_MJ_DEVICE_CHANGE: 0xF09043FA NaiFsRec.sys IRP_MJ_QUERY_QUOTA: 0xF09043FA NaiFsRec.sys IRP_MJ_SET_QUOTA: 0xF09043FA NaiFsRec.sys IRP_MJ_PNP: 0xF09043FA NaiFsRec.sys AddDevice: 0x00000000 ServiceKeyName: NaiFsRec \FileSystem\Mup<0xFCD826D0(139f6d0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25788 Mup.sys FastIoDispatch: 0xFC907258 Mup.sys DriverInit: 0xFC90AB04 Mup.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xFC90936E Mup.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC90936E Mup.sys IRP_MJ_CLOSE: 0xFC90911E Mup.sys IRP_MJ_READ: 0xFC9056B6 Mup.sys IRP_MJ_WRITE: 0xFC90A1D8 Mup.sys IRP_MJ_QUERY_INFORMATION: 0xFC90FBBC Mup.sys IRP_MJ_SET_INFORMATION: 0xFC90FCD0 Mup.sys IRP_MJ_QUERY_EA: 0xFC9056B6 Mup.sys IRP_MJ_SET_EA: 0xFC9056B6 Mup.sys IRP_MJ_FLUSH_BUFFERS: 0xFC9056B6 Mup.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC917AE8 Mup.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC917CB6 Mup.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC9056B6 Mup.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC90A5DA Mup.sys IRP_MJ_DEVICE_CONTROL: 0xFC9056B6 Mup.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC9056B6 Mup.sys IRP_MJ_SHUTDOWN: 0xFC9056B6 Mup.sys IRP_MJ_LOCK_CONTROL: 0xFC9056B6 Mup.sys IRP_MJ_CLEANUP: 0xFC908E2E Mup.sys IRP_MJ_CREATE_MAILSLOT: 0xFC90936E Mup.sys IRP_MJ_QUERY_SECURITY: 0xFC9056B6 Mup.sys IRP_MJ_SET_SECURITY: 0xFC9056B6 Mup.sys IRP_MJ_POWER: 0xFC9056B6 Mup.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9056B6 Mup.sys IRP_MJ_DEVICE_CHANGE: 0xFC9056B6 Mup.sys IRP_MJ_QUERY_QUOTA: 0xFC9056B6 Mup.sys IRP_MJ_SET_QUOTA: 0xFC9056B6 Mup.sys IRP_MJ_PNP: 0xFC9056B6 Mup.sys AddDevice: 0x00000000 ServiceKeyName: Mup \FileSystem\RAW<0xFCE14E50(1431e50)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0x00000000 DriverInit: 0x8055EF80 \WINNT\System32\ntoskrnl.exe DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x804FE1AF \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 \FileSystem\Npfs<0xFCCF2810(130f810)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF29A8 \SystemRoot\System32\Drivers\Npfs.SYS FastIoDispatch: 0xF0562208 \SystemRoot\System32\Drivers\Npfs.SYS DriverInit: 0xF056790E \SystemRoot\System32\Drivers\Npfs.SYS DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF05626FE \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_CREATE_NAMED_PIPE: 0xF0562AE4 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_CLOSE: 0xF056257C \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_READ: 0xF0565BB4 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_WRITE: 0xF0566F5A \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_QUERY_INFORMATION: 0xF0563792 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_SET_INFORMATION: 0xF0563832 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF0563ED4 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF0566DD4 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0xF05631BE \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_FILE_SYSTEM_CONTROL: 0xF0564070 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF05623E6 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0xF056633C \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_SET_SECURITY: 0xF05663DC \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Npfs \FileSystem\Fs_Rec<0xFCD649F0(13819f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD64968 \SystemRoot\System32\Drivers\Fs_Rec.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF0917294 \SystemRoot\System32\Drivers\Fs_Rec.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF091653E \SystemRoot\System32\Drivers\Fs_Rec.SYS IRP_MJ_CREATE: 0xF0916492 \SystemRoot\System32\Drivers\Fs_Rec.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0916480 \SystemRoot\System32\Drivers\Fs_Rec.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0xF09164C4 \SystemRoot\System32\Drivers\Fs_Rec.SYS IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0916480 \SystemRoot\System32\Drivers\Fs_Rec.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Fs_Rec \FileSystem\Cdfs<0xFF1F6AF0(35caf0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF225788 \SystemRoot\System32\Drivers\Cdfs.SYS FastIoDispatch: 0xF7ED3CE0 \SystemRoot\System32\Drivers\Cdfs.SYS DriverInit: 0xF7EDF1A0 \SystemRoot\System32\Drivers\Cdfs.SYS DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF7ED22E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7ED22E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_READ: 0xF7ED22E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0xF7ED22E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_SET_INFORMATION: 0xF7ED22E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF7ED22E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0xF7ED22E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_FILE_SYSTEM_CONTROL: 0xF7ED22E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_DEVICE_CONTROL: 0xF7ED22E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0xF7ED22E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_CLEANUP: 0xF7ED22E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF7ED22E0 \SystemRoot\System32\Drivers\Cdfs.SYS AddDevice: 0x00000000 ServiceKeyName: Cdfs Driver count: 100 KeServiceDescriptorTable at virtual address : 0x8046B840(46b840) 0 0x804BBAD9 \WINNT\System32\ntoskrnl.exe 1 0x804B322A \WINNT\System32\ntoskrnl.exe 2 0x804B371A \WINNT\System32\ntoskrnl.exe 3 0x8050ABDE \WINNT\System32\ntoskrnl.exe 4 0x804AADD7 \WINNT\System32\ntoskrnl.exe 5 0x8045A6DE \WINNT\System32\ntoskrnl.exe 6 0x8050BE92 \WINNT\System32\ntoskrnl.exe 7 0x8050BED2 \WINNT\System32\ntoskrnl.exe 8 0x804A6E80 \WINNT\System32\ntoskrnl.exe 9 0x80508458 \WINNT\System32\ntoskrnl.exe a 0x804ABA51 \WINNT\System32\ntoskrnl.exe b 0x804FBBF0 \WINNT\System32\ntoskrnl.exe c 0x804AECE7 \WINNT\System32\ntoskrnl.exe d 0x804AB72A \WINNT\System32\ntoskrnl.exe e 0x804492BA \WINNT\System32\ntoskrnl.exe f 0x804AAE39 \WINNT\System32\ntoskrnl.exe 10 0x8049ED34 \WINNT\System32\ntoskrnl.exe 11 0x804EF7C3 \WINNT\System32\ntoskrnl.exe 12 0x804FBFA3 \WINNT\System32\ntoskrnl.exe 13 0x8040189A \WINNT\System32\ntoskrnl.exe 14 0x804CB21E \WINNT\System32\ntoskrnl.exe 15 0x80418F04 \WINNT\System32\ntoskrnl.exe 16 0x804E9B8C \WINNT\System32\ntoskrnl.exe 17 0x80498F39 \WINNT\System32\ntoskrnl.exe 18 0x8044D292 \WINNT\System32\ntoskrnl.exe 19 0x804AAD7D \WINNT\System32\ntoskrnl.exe 1a 0x804BBF63 \WINNT\System32\ntoskrnl.exe 1b 0x804BC28B \WINNT\System32\ntoskrnl.exe 1c 0x804668B0 \WINNT\System32\ntoskrnl.exe 1d 0x804F3CE6 \WINNT\System32\ntoskrnl.exe 1e 0x8049AE26 \WINNT\System32\ntoskrnl.exe 1f 0x804C47BF \WINNT\System32\ntoskrnl.exe 20 0x8049A5F1 \WINNT\System32\ntoskrnl.exe 21 0x804BA7B0 \WINNT\System32\ntoskrnl.exe 22 0x804FBCC6 \WINNT\System32\ntoskrnl.exe 23 0x804A0635 \WINNT\System32\ntoskrnl.exe 24 0x8048ECD1 \WINNT\System32\ntoskrnl.exe 25 0x804A6DBA \WINNT\System32\ntoskrnl.exe 26 0x8048EBF9 \WINNT\System32\ntoskrnl.exe 27 0x804ECAC7 \WINNT\System32\ntoskrnl.exe 28 0x804B501B \WINNT\System32\ntoskrnl.exe 29 0x804BD4CB \WINNT\System32\ntoskrnl.exe 2a 0x804C3D89 \WINNT\System32\ntoskrnl.exe 2b 0x804B963E \WINNT\System32\ntoskrnl.exe 2c 0x804B849C \WINNT\System32\ntoskrnl.exe 2d 0x80491F98 \WINNT\System32\ntoskrnl.exe 2e 0x804BB61D \WINNT\System32\ntoskrnl.exe 2f 0x8048E37F \WINNT\System32\ntoskrnl.exe 30 0x8050E0D0 \WINNT\System32\ntoskrnl.exe 31 0x804EA9EA \WINNT\System32\ntoskrnl.exe 32 0x80498B96 \WINNT\System32\ntoskrnl.exe 33 0x804B7FE0 \WINNT\System32\ntoskrnl.exe 34 0x804CB386 \WINNT\System32\ntoskrnl.exe 35 0x804958F5 \WINNT\System32\ntoskrnl.exe 36 0x8050C24E \WINNT\System32\ntoskrnl.exe 37 0x804AC8B6 \WINNT\System32\ntoskrnl.exe 38 0x804A22EF \WINNT\System32\ntoskrnl.exe 39 0x804C0066 \WINNT\System32\ntoskrnl.exe 3a 0x804BAA57 \WINNT\System32\ntoskrnl.exe 3b 0x804A408E \WINNT\System32\ntoskrnl.exe 3c 0x804B9EEF \WINNT\System32\ntoskrnl.exe 3d 0x804A14B2 \WINNT\System32\ntoskrnl.exe 3e 0x804F0212 \WINNT\System32\ntoskrnl.exe 3f 0x80508F0A \WINNT\System32\ntoskrnl.exe 40 0x804A6385 \WINNT\System32\ntoskrnl.exe 41 0x804A1CCB \WINNT\System32\ntoskrnl.exe 42 0x804B927C \WINNT\System32\ntoskrnl.exe 43 0x804B306C \WINNT\System32\ntoskrnl.exe 44 0x804B0757 \WINNT\System32\ntoskrnl.exe 45 0x804F063F \WINNT\System32\ntoskrnl.exe 46 0x804498E5 \WINNT\System32\ntoskrnl.exe 47 0x804A29E7 \WINNT\System32\ntoskrnl.exe 48 0x8049C1A5 \WINNT\System32\ntoskrnl.exe 49 0x80492F9B \WINNT\System32\ntoskrnl.exe 4a 0x804F5C02 \WINNT\System32\ntoskrnl.exe 4b 0x80517DFD \WINNT\System32\ntoskrnl.exe 4c 0x80461606 \WINNT\System32\ntoskrnl.exe 4d 0x80449F2C \WINNT\System32\ntoskrnl.exe 4e 0x8050EB71 \WINNT\System32\ntoskrnl.exe 4f 0x804A4826 \WINNT\System32\ntoskrnl.exe 50 0x80453B63 \WINNT\System32\ntoskrnl.exe 51 0x8051E658 \WINNT\System32\ntoskrnl.exe 52 0x804F59F0 \WINNT\System32\ntoskrnl.exe 53 0x804F5BF4 \WINNT\System32\ntoskrnl.exe 54 0x804EAC0D \WINNT\System32\ntoskrnl.exe 55 0x8052AD90 \WINNT\System32\ntoskrnl.exe 56 0x8051F33B \WINNT\System32\ntoskrnl.exe 57 0x80460FCE \WINNT\System32\ntoskrnl.exe 58 0x804A75FD \WINNT\System32\ntoskrnl.exe 59 0x804F06D6 \WINNT\System32\ntoskrnl.exe 5a 0x80491967 \WINNT\System32\ntoskrnl.exe 5b 0x804489A9 \WINNT\System32\ntoskrnl.exe 5c 0x80448DBC \WINNT\System32\ntoskrnl.exe 5d 0x804B977E \WINNT\System32\ntoskrnl.exe 5e 0x804B4CBA \WINNT\System32\ntoskrnl.exe 5f 0x804B9AD4 \WINNT\System32\ntoskrnl.exe 60 0x804B9B02 \WINNT\System32\ntoskrnl.exe 61 0x804BC938 \WINNT\System32\ntoskrnl.exe 62 0x804A6810 \WINNT\System32\ntoskrnl.exe 63 0x804C48AB \WINNT\System32\ntoskrnl.exe 64 0x804B6C37 \WINNT\System32\ntoskrnl.exe 65 0x804CFC5B \WINNT\System32\ntoskrnl.exe 66 0x804FBEDB \WINNT\System32\ntoskrnl.exe 67 0x8049FDAE \WINNT\System32\ntoskrnl.exe 68 0x804A7039 \WINNT\System32\ntoskrnl.exe 69 0x804AED64 \WINNT\System32\ntoskrnl.exe 6a 0x804BE76D \WINNT\System32\ntoskrnl.exe 6b 0x8049E5E5 \WINNT\System32\ntoskrnl.exe 6c 0x804B941B \WINNT\System32\ntoskrnl.exe 6d 0x804AAA86 \WINNT\System32\ntoskrnl.exe 6e 0x804BC708 \WINNT\System32\ntoskrnl.exe 6f 0x804ABD64 \WINNT\System32\ntoskrnl.exe 70 0x80499353 \WINNT\System32\ntoskrnl.exe 71 0x804C4485 \WINNT\System32\ntoskrnl.exe 72 0x804B11E3 \WINNT\System32\ntoskrnl.exe 73 0x8049227F \WINNT\System32\ntoskrnl.exe 74 0x804ABF6F \WINNT\System32\ntoskrnl.exe 75 0x8050B5E3 \WINNT\System32\ntoskrnl.exe 76 0x8050B3BF \WINNT\System32\ntoskrnl.exe 77 0x804BAE4E \WINNT\System32\ntoskrnl.exe 78 0x804BF790 \WINNT\System32\ntoskrnl.exe 79 0x804B4964 \WINNT\System32\ntoskrnl.exe 7a 0x804B6EE6 \WINNT\System32\ntoskrnl.exe 7b 0x804B67D3 \WINNT\System32\ntoskrnl.exe 7c 0x804A7A5C \WINNT\System32\ntoskrnl.exe 7d 0x804BED76 \WINNT\System32\ntoskrnl.exe 7e 0x80491C73 \WINNT\System32\ntoskrnl.exe 7f 0x804D06D6 \WINNT\System32\ntoskrnl.exe 80 0x804BEA2A \WINNT\System32\ntoskrnl.exe 81 0x804B43D3 \WINNT\System32\ntoskrnl.exe 82 0x804B7154 \WINNT\System32\ntoskrnl.exe 83 0x804BDA90 \WINNT\System32\ntoskrnl.exe 84 0x80498DBB \WINNT\System32\ntoskrnl.exe 85 0x804EAC8B \WINNT\System32\ntoskrnl.exe 86 0x804B6854 \WINNT\System32\ntoskrnl.exe 87 0x80498FC2 \WINNT\System32\ntoskrnl.exe 88 0x8049E3E0 \WINNT\System32\ntoskrnl.exe 89 0x804A7E24 \WINNT\System32\ntoskrnl.exe 8a 0x804C4357 \WINNT\System32\ntoskrnl.exe 8b 0x804A0EB7 \WINNT\System32\ntoskrnl.exe 8c 0x8051F9F0 \WINNT\System32\ntoskrnl.exe 8d 0x804C461E \WINNT\System32\ntoskrnl.exe 8e 0x804A2E40 \WINNT\System32\ntoskrnl.exe 8f 0x80520094 \WINNT\System32\ntoskrnl.exe 90 0x804BF0C1 \WINNT\System32\ntoskrnl.exe 91 0x804D15EE \WINNT\System32\ntoskrnl.exe 92 0x804BCAFC \WINNT\System32\ntoskrnl.exe 93 0x8044D7BA \WINNT\System32\ntoskrnl.exe 94 0x804C2ECD \WINNT\System32\ntoskrnl.exe 95 0x804BC7A5 \WINNT\System32\ntoskrnl.exe 96 0x804C37D8 \WINNT\System32\ntoskrnl.exe 97 0x8049F2CE \WINNT\System32\ntoskrnl.exe 98 0x804A2888 \WINNT\System32\ntoskrnl.exe 99 0x804AD79C \WINNT\System32\ntoskrnl.exe 9a 0x804B0536 \WINNT\System32\ntoskrnl.exe 9b 0x804A01DA \WINNT\System32\ntoskrnl.exe 9c 0x804B77C4 \WINNT\System32\ntoskrnl.exe 9d 0x804A6670 \WINNT\System32\ntoskrnl.exe 9e 0x804AD6F9 \WINNT\System32\ntoskrnl.exe 9f 0x804668F8 \WINNT\System32\ntoskrnl.exe a0 0x804C2B38 \WINNT\System32\ntoskrnl.exe a1 0x8049AF1B \WINNT\System32\ntoskrnl.exe a2 0x804D2295 \WINNT\System32\ntoskrnl.exe a3 0x804BC642 \WINNT\System32\ntoskrnl.exe a4 0x804A585A \WINNT\System32\ntoskrnl.exe a5 0x804BB8F2 \WINNT\System32\ntoskrnl.exe a6 0x80499536 \WINNT\System32\ntoskrnl.exe a7 0x8049DAC1 \WINNT\System32\ntoskrnl.exe a8 0x804991E5 \WINNT\System32\ntoskrnl.exe a9 0x8051F81F \WINNT\System32\ntoskrnl.exe aa 0x804A42A8 \WINNT\System32\ntoskrnl.exe ab 0x804986CE \WINNT\System32\ntoskrnl.exe ac 0x804339E4 \WINNT\System32\ntoskrnl.exe ad 0x804EAE8E \WINNT\System32\ntoskrnl.exe ae 0x804F5B92 \WINNT\System32\ntoskrnl.exe af 0x804B29EE \WINNT\System32\ntoskrnl.exe b0 0x80498311 \WINNT\System32\ntoskrnl.exe b1 0x804F599C \WINNT\System32\ntoskrnl.exe b2 0x804BF8E0 \WINNT\System32\ntoskrnl.exe b3 0x8044A413 \WINNT\System32\ntoskrnl.exe b4 0x8051EF54 \WINNT\System32\ntoskrnl.exe b5 0x804BB755 \WINNT\System32\ntoskrnl.exe b6 0x80495A06 \WINNT\System32\ntoskrnl.exe b7 0x8051F0B8 \WINNT\System32\ntoskrnl.exe b8 0x804330BD \WINNT\System32\ntoskrnl.exe b9 0x804BEE87 \WINNT\System32\ntoskrnl.exe ba 0x804931B3 \WINNT\System32\ntoskrnl.exe bb 0x804C2DCF \WINNT\System32\ntoskrnl.exe bc 0x804C0322 \WINNT\System32\ntoskrnl.exe bd 0x804C08F0 \WINNT\System32\ntoskrnl.exe be 0x804D0C43 \WINNT\System32\ntoskrnl.exe bf 0x80498E90 \WINNT\System32\ntoskrnl.exe c0 0x804C4B4D \WINNT\System32\ntoskrnl.exe c1 0x804C4A93 \WINNT\System32\ntoskrnl.exe c2 0x804A16C0 \WINNT\System32\ntoskrnl.exe c3 0x804FCE5A \WINNT\System32\ntoskrnl.exe c4 0x8051F525 \WINNT\System32\ntoskrnl.exe c5 0x804A2F65 \WINNT\System32\ntoskrnl.exe c6 0x804B732C \WINNT\System32\ntoskrnl.exe c7 0x8049D596 \WINNT\System32\ntoskrnl.exe c8 0x8050F100 \WINNT\System32\ntoskrnl.exe c9 0x804C4345 \WINNT\System32\ntoskrnl.exe ca 0x80492B0E \WINNT\System32\ntoskrnl.exe cb 0x804C4AF7 \WINNT\System32\ntoskrnl.exe cc 0x804C4A2F \WINNT\System32\ntoskrnl.exe cd 0x804D1B59 \WINNT\System32\ntoskrnl.exe ce 0x8044D6C5 \WINNT\System32\ntoskrnl.exe cf 0x804C3A62 \WINNT\System32\ntoskrnl.exe d0 0x8048D7CA \WINNT\System32\ntoskrnl.exe d1 0x80489C29 \WINNT\System32\ntoskrnl.exe d2 0x8048DE42 \WINNT\System32\ntoskrnl.exe d3 0x804921A9 \WINNT\System32\ntoskrnl.exe d4 0x8041909D \WINNT\System32\ntoskrnl.exe d5 0x8048DF4C \WINNT\System32\ntoskrnl.exe d6 0x804C3279 \WINNT\System32\ntoskrnl.exe d7 0x804A8822 \WINNT\System32\ntoskrnl.exe d8 0x804D1C75 \WINNT\System32\ntoskrnl.exe d9 0x804C0034 \WINNT\System32\ntoskrnl.exe da 0x8044E121 \WINNT\System32\ntoskrnl.exe db 0x804C3FFA \WINNT\System32\ntoskrnl.exe dc 0x804C42A1 \WINNT\System32\ntoskrnl.exe dd 0x80492ECB \WINNT\System32\ntoskrnl.exe de 0x8052ABEF \WINNT\System32\ntoskrnl.exe df 0x804FDC2C \WINNT\System32\ntoskrnl.exe e0 0x804BE082 \WINNT\System32\ntoskrnl.exe e1 0x804B7C2F \WINNT\System32\ntoskrnl.exe e2 0x804BB99A \WINNT\System32\ntoskrnl.exe e3 0x8052AF5D \WINNT\System32\ntoskrnl.exe e4 0x8051F34D \WINNT\System32\ntoskrnl.exe e5 0x804A73C6 \WINNT\System32\ntoskrnl.exe e6 0x804B469E \WINNT\System32\ntoskrnl.exe e7 0x804B82A3 \WINNT\System32\ntoskrnl.exe e8 0x80494707 \WINNT\System32\ntoskrnl.exe e9 0x8044E312 \WINNT\System32\ntoskrnl.exe ea 0x80498C2D \WINNT\System32\ntoskrnl.exe eb 0x804C49D1 \WINNT\System32\ntoskrnl.exe ec 0x804C4973 \WINNT\System32\ntoskrnl.exe ed 0x804A1A9A \WINNT\System32\ntoskrnl.exe ee 0x804D2B4A \WINNT\System32\ntoskrnl.exe ef 0x804BC69B \WINNT\System32\ntoskrnl.exe f0 0x804A56D1 \WINNT\System32\ntoskrnl.exe f1 0x804E9B84 \WINNT\System32\ntoskrnl.exe f2 0x804E9B84 \WINNT\System32\ntoskrnl.exe f3 0x804E9B84 \WINNT\System32\ntoskrnl.exe f4 0x80432FFF \WINNT\System32\ntoskrnl.exe f5 0x80446B97 \WINNT\System32\ntoskrnl.exe f6 0x804E9B8C \WINNT\System32\ntoskrnl.exe f7 0x80433007 \WINNT\System32\ntoskrnl.exe KeServiceDescriptorTableShadow at virtual address : 0x8046B880(46b880) 0 0xA0105666 \??\C:\WINNT\system32\win32k.sys 1 0xA011D430 \??\C:\WINNT\system32\win32k.sys 2 0xA00AEB4F \??\C:\WINNT\system32\win32k.sys 3 0xA0111BE9 \??\C:\WINNT\system32\win32k.sys 4 0xA011F1CA \??\C:\WINNT\system32\win32k.sys 5 0xA0105C7B \??\C:\WINNT\system32\win32k.sys 6 0xA0106355 \??\C:\WINNT\system32\win32k.sys 7 0xA0102E82 \??\C:\WINNT\system32\win32k.sys 8 0xA011E911 \??\C:\WINNT\system32\win32k.sys 9 0xA004B276 \??\C:\WINNT\system32\win32k.sys a 0xA00B5F7A \??\C:\WINNT\system32\win32k.sys b 0xA005284F \??\C:\WINNT\system32\win32k.sys c 0xA00477BD \??\C:\WINNT\system32\win32k.sys d 0xA001AF74 \??\C:\WINNT\system32\win32k.sys e 0xA011EE73 \??\C:\WINNT\system32\win32k.sys f 0xA0120C7F \??\C:\WINNT\system32\win32k.sys 10 0xA00550C7 \??\C:\WINNT\system32\win32k.sys 11 0xA0120DD9 \??\C:\WINNT\system32\win32k.sys 12 0xA0077603 \??\C:\WINNT\system32\win32k.sys 13 0xA004D14B \??\C:\WINNT\system32\win32k.sys 14 0xA007A0EF \??\C:\WINNT\system32\win32k.sys 15 0xA0016344 \??\C:\WINNT\system32\win32k.sys 16 0xA004F7EF \??\C:\WINNT\system32\win32k.sys 17 0xA001E106 \??\C:\WINNT\system32\win32k.sys 18 0xA0089E93 \??\C:\WINNT\system32\win32k.sys 19 0xA004FE0F \??\C:\WINNT\system32\win32k.sys 1a 0xA0120932 \??\C:\WINNT\system32\win32k.sys 1b 0xA00761D6 \??\C:\WINNT\system32\win32k.sys 1c 0xA001D56E \??\C:\WINNT\system32\win32k.sys 1d 0xA006854C \??\C:\WINNT\system32\win32k.sys 1e 0xA0091F45 \??\C:\WINNT\system32\win32k.sys 1f 0xA009310D \??\C:\WINNT\system32\win32k.sys 20 0xA010938E \??\C:\WINNT\system32\win32k.sys 21 0xA0094717 \??\C:\WINNT\system32\win32k.sys 22 0xA00526B9 \??\C:\WINNT\system32\win32k.sys 23 0xA004CC3F \??\C:\WINNT\system32\win32k.sys 24 0xA0093FF3 \??\C:\WINNT\system32\win32k.sys 25 0xA008AD46 \??\C:\WINNT\system32\win32k.sys 26 0xA007786F \??\C:\WINNT\system32\win32k.sys 27 0xA0077E6B \??\C:\WINNT\system32\win32k.sys 28 0xA01094A3 \??\C:\WINNT\system32\win32k.sys 29 0xA00B103A \??\C:\WINNT\system32\win32k.sys 2a 0xA001DC18 \??\C:\WINNT\system32\win32k.sys 2b 0xA0123824 \??\C:\WINNT\system32\win32k.sys 2c 0xA0123BC3 \??\C:\WINNT\system32\win32k.sys 2d 0xA0123C54 \??\C:\WINNT\system32\win32k.sys 2e 0xA012402C \??\C:\WINNT\system32\win32k.sys 2f 0xA0123CC2 \??\C:\WINNT\system32\win32k.sys 30 0xA01241FE \??\C:\WINNT\system32\win32k.sys 31 0xA0127078 \??\C:\WINNT\system32\win32k.sys 32 0xA0128FDC \??\C:\WINNT\system32\win32k.sys 33 0xA00BB12D \??\C:\WINNT\system32\win32k.sys 34 0xA012875C \??\C:\WINNT\system32\win32k.sys 35 0xA0125E29 \??\C:\WINNT\system32\win32k.sys 36 0xA00A7695 \??\C:\WINNT\system32\win32k.sys 37 0xA012697A \??\C:\WINNT\system32\win32k.sys 38 0xA01278BC \??\C:\WINNT\system32\win32k.sys 39 0xA00A8397 \??\C:\WINNT\system32\win32k.sys 3a 0xA00A73F2 \??\C:\WINNT\system32\win32k.sys 3b 0xA00A73F2 \??\C:\WINNT\system32\win32k.sys 3c 0xA012811E \??\C:\WINNT\system32\win32k.sys 3d 0xA00BBF6C \??\C:\WINNT\system32\win32k.sys 3e 0xA00A647F \??\C:\WINNT\system32\win32k.sys 3f 0xA00A6BED \??\C:\WINNT\system32\win32k.sys 40 0xA01286ED \??\C:\WINNT\system32\win32k.sys 41 0xA00BAFA1 \??\C:\WINNT\system32\win32k.sys 42 0xA0126FAF \??\C:\WINNT\system32\win32k.sys 43 0xA01289C6 \??\C:\WINNT\system32\win32k.sys 44 0xA00BC55B \??\C:\WINNT\system32\win32k.sys 45 0xA0127723 \??\C:\WINNT\system32\win32k.sys 46 0xA00B01E9 \??\C:\WINNT\system32\win32k.sys 47 0xA01267AF \??\C:\WINNT\system32\win32k.sys 48 0xA00BC9E9 \??\C:\WINNT\system32\win32k.sys 49 0xA00A8962 \??\C:\WINNT\system32\win32k.sys 4a 0xA0127B83 \??\C:\WINNT\system32\win32k.sys 4b 0xA00BBE3A \??\C:\WINNT\system32\win32k.sys 4c 0xA0128598 \??\C:\WINNT\system32\win32k.sys 4d 0xA01283B5 \??\C:\WINNT\system32\win32k.sys 4e 0xA0127CC7 \??\C:\WINNT\system32\win32k.sys 4f 0xA0127E7B \??\C:\WINNT\system32\win32k.sys 50 0xA01274DD \??\C:\WINNT\system32\win32k.sys 51 0xA00A6DF5 \??\C:\WINNT\system32\win32k.sys 52 0xA012659B \??\C:\WINNT\system32\win32k.sys 53 0xA00A8CF2 \??\C:\WINNT\system32\win32k.sys 54 0xA0128E95 \??\C:\WINNT\system32\win32k.sys 55 0xA00A90B3 \??\C:\WINNT\system32\win32k.sys 56 0xA00BC940 \??\C:\WINNT\system32\win32k.sys 57 0xA0128B4E \??\C:\WINNT\system32\win32k.sys 58 0xA00510ED \??\C:\WINNT\system32\win32k.sys 59 0xA00BC44C \??\C:\WINNT\system32\win32k.sys 5a 0xA012760B \??\C:\WINNT\system32\win32k.sys 5b 0xA0129484 \??\C:\WINNT\system32\win32k.sys 5c 0xA01295F6 \??\C:\WINNT\system32\win32k.sys 5d 0xA012737F \??\C:\WINNT\system32\win32k.sys 5e 0xA00BB0B6 \??\C:\WINNT\system32\win32k.sys 5f 0xA00A6D46 \??\C:\WINNT\system32\win32k.sys 60 0xA012669E \??\C:\WINNT\system32\win32k.sys 61 0xA00BAC82 \??\C:\WINNT\system32\win32k.sys 62 0xA00BC7BB \??\C:\WINNT\system32\win32k.sys 63 0xA012A818 \??\C:\WINNT\system32\win32k.sys 64 0xA012C011 \??\C:\WINNT\system32\win32k.sys 65 0xA012A960 \??\C:\WINNT\system32\win32k.sys 66 0xA012ABB0 \??\C:\WINNT\system32\win32k.sys 67 0xA012AC1F \??\C:\WINNT\system32\win32k.sys 68 0xA012AD9E \??\C:\WINNT\system32\win32k.sys 69 0xA012AF3D \??\C:\WINNT\system32\win32k.sys 6a 0xA012B076 \??\C:\WINNT\system32\win32k.sys 6b 0xA012B18C \??\C:\WINNT\system32\win32k.sys 6c 0xA012B53D \??\C:\WINNT\system32\win32k.sys 6d 0xA012B353 \??\C:\WINNT\system32\win32k.sys 6e 0xA012B623 \??\C:\WINNT\system32\win32k.sys 6f 0xA012B7E0 \??\C:\WINNT\system32\win32k.sys 70 0xA012B8C6 \??\C:\WINNT\system32\win32k.sys 71 0xA012BEE1 \??\C:\WINNT\system32\win32k.sys 72 0xA0089E60 \??\C:\WINNT\system32\win32k.sys 73 0xA005091C \??\C:\WINNT\system32\win32k.sys 74 0xA0120BA8 \??\C:\WINNT\system32\win32k.sys 75 0xA002BF83 \??\C:\WINNT\system32\win32k.sys 76 0xA005112A \??\C:\WINNT\system32\win32k.sys 77 0xA00BE7E4 \??\C:\WINNT\system32\win32k.sys 78 0xA00BE9D7 \??\C:\WINNT\system32\win32k.sys 79 0xA008A753 \??\C:\WINNT\system32\win32k.sys 7a 0xA011EA32 \??\C:\WINNT\system32\win32k.sys 7b 0xA009D1C7 \??\C:\WINNT\system32\win32k.sys 7c 0xA0001BCE \??\C:\WINNT\system32\win32k.sys 7d 0xA009AFBB \??\C:\WINNT\system32\win32k.sys 7e 0xA009AFC9 \??\C:\WINNT\system32\win32k.sys 7f 0xA004784C \??\C:\WINNT\system32\win32k.sys 80 0xA006F50B \??\C:\WINNT\system32\win32k.sys 81 0xA006E967 \??\C:\WINNT\system32\win32k.sys 82 0xA006EC6D \??\C:\WINNT\system32\win32k.sys 83 0xA004B483 \??\C:\WINNT\system32\win32k.sys 84 0xA00AFAFE \??\C:\WINNT\system32\win32k.sys 85 0xA012F5A6 \??\C:\WINNT\system32\win32k.sys 86 0xA012F409 \??\C:\WINNT\system32\win32k.sys 87 0xA003E887 \??\C:\WINNT\system32\win32k.sys 88 0xA006A99E \??\C:\WINNT\system32\win32k.sys 89 0xA004D1E9 \??\C:\WINNT\system32\win32k.sys 8a 0xA0045846 \??\C:\WINNT\system32\win32k.sys 8b 0xA013063C \??\C:\WINNT\system32\win32k.sys 8c 0xA002C5FE \??\C:\WINNT\system32\win32k.sys 8d 0xA002754A \??\C:\WINNT\system32\win32k.sys 8e 0xA006B82B \??\C:\WINNT\system32\win32k.sys 8f 0xA0055135 \??\C:\WINNT\system32\win32k.sys 90 0xA00A4872 \??\C:\WINNT\system32\win32k.sys 91 0xA011D548 \??\C:\WINNT\system32\win32k.sys 92 0xA0017998 \??\C:\WINNT\system32\win32k.sys 93 0xA0013C16 \??\C:\WINNT\system32\win32k.sys 94 0xA011FB03 \??\C:\WINNT\system32\win32k.sys 95 0xA010958E \??\C:\WINNT\system32\win32k.sys 96 0xA00B688E \??\C:\WINNT\system32\win32k.sys 97 0xA00717C5 \??\C:\WINNT\system32\win32k.sys 98 0xA0026505 \??\C:\WINNT\system32\win32k.sys 99 0xA0071F30 \??\C:\WINNT\system32\win32k.sys 9a 0xA00A6717 \??\C:\WINNT\system32\win32k.sys 9b 0xA00A3448 \??\C:\WINNT\system32\win32k.sys 9c 0xA0072381 \??\C:\WINNT\system32\win32k.sys 9d 0xA011DB5C \??\C:\WINNT\system32\win32k.sys 9e 0xA00291A3 \??\C:\WINNT\system32\win32k.sys 9f 0xA0070506 \??\C:\WINNT\system32\win32k.sys a0 0xA007D95E \??\C:\WINNT\system32\win32k.sys a1 0xA011ECD6 \??\C:\WINNT\system32\win32k.sys a2 0xA0130F14 \??\C:\WINNT\system32\win32k.sys a3 0xA0028C95 \??\C:\WINNT\system32\win32k.sys a4 0xA0077AE4 \??\C:\WINNT\system32\win32k.sys a5 0xA0077B0A \??\C:\WINNT\system32\win32k.sys a6 0xA00D64EF \??\C:\WINNT\system32\win32k.sys a7 0xA011EF23 \??\C:\WINNT\system32\win32k.sys a8 0xA0121025 \??\C:\WINNT\system32\win32k.sys a9 0xA0041AD8 \??\C:\WINNT\system32\win32k.sys aa 0xA00932EB \??\C:\WINNT\system32\win32k.sys ab 0xA0131CC0 \??\C:\WINNT\system32\win32k.sys ac 0xA012E6BD \??\C:\WINNT\system32\win32k.sys ad 0xA009DC8C \??\C:\WINNT\system32\win32k.sys ae 0xA011F494 \??\C:\WINNT\system32\win32k.sys af 0xA011FEDD \??\C:\WINNT\system32\win32k.sys b0 0xA011FD84 \??\C:\WINNT\system32\win32k.sys b1 0xA011EB52 \??\C:\WINNT\system32\win32k.sys b2 0xA00B9BD2 \??\C:\WINNT\system32\win32k.sys b3 0xA01057C6 \??\C:\WINNT\system32\win32k.sys b4 0xA011E98A \??\C:\WINNT\system32\win32k.sys b5 0xA0110FB5 \??\C:\WINNT\system32\win32k.sys b6 0xA0037922 \??\C:\WINNT\system32\win32k.sys b7 0xA0068781 \??\C:\WINNT\system32\win32k.sys b8 0xA004F5E9 \??\C:\WINNT\system32\win32k.sys b9 0xA0070B2A \??\C:\WINNT\system32\win32k.sys ba 0xA011D95F \??\C:\WINNT\system32\win32k.sys bb 0xA0080513 \??\C:\WINNT\system32\win32k.sys bc 0xA002755E \??\C:\WINNT\system32\win32k.sys bd 0xA00D4BCB \??\C:\WINNT\system32\win32k.sys be 0xA00B5F12 \??\C:\WINNT\system32\win32k.sys bf 0xA009C898 \??\C:\WINNT\system32\win32k.sys c0 0xA003E8A2 \??\C:\WINNT\system32\win32k.sys c1 0xA00D9C5F \??\C:\WINNT\system32\win32k.sys c2 0xA00A91E3 \??\C:\WINNT\system32\win32k.sys c3 0xA0131E9E \??\C:\WINNT\system32\win32k.sys c4 0xA001C464 \??\C:\WINNT\system32\win32k.sys c5 0xA012F6FF \??\C:\WINNT\system32\win32k.sys c6 0xA0071145 \??\C:\WINNT\system32\win32k.sys c7 0xA0037BC9 \??\C:\WINNT\system32\win32k.sys c8 0xA00940E7 \??\C:\WINNT\system32\win32k.sys c9 0xA00487D0 \??\C:\WINNT\system32\win32k.sys ca 0xA007CFC2 \??\C:\WINNT\system32\win32k.sys cb 0xA0079728 \??\C:\WINNT\system32\win32k.sys cc 0xA004C407 \??\C:\WINNT\system32\win32k.sys cd 0xA011F60B \??\C:\WINNT\system32\win32k.sys ce 0xA011F6E9 \??\C:\WINNT\system32\win32k.sys cf 0xA011FEFA \??\C:\WINNT\system32\win32k.sys d0 0xA007C94F \??\C:\WINNT\system32\win32k.sys d1 0xA0114441 \??\C:\WINNT\system32\win32k.sys d2 0xA0074EFC \??\C:\WINNT\system32\win32k.sys d3 0xA0121662 \??\C:\WINNT\system32\win32k.sys d4 0xA005BFE2 \??\C:\WINNT\system32\win32k.sys d5 0xA0000461 \??\C:\WINNT\system32\win32k.sys d6 0xA002752F \??\C:\WINNT\system32\win32k.sys d7 0xA0068120 \??\C:\WINNT\system32\win32k.sys d8 0xA003F12D \??\C:\WINNT\system32\win32k.sys d9 0xA011FC87 \??\C:\WINNT\system32\win32k.sys da 0xA004CD7A \??\C:\WINNT\system32\win32k.sys db 0xA009C05D \??\C:\WINNT\system32\win32k.sys dc 0xA004C773 \??\C:\WINNT\system32\win32k.sys dd 0xA0122DE3 \??\C:\WINNT\system32\win32k.sys de 0xA011EE9F \??\C:\WINNT\system32\win32k.sys df 0xA00519CF \??\C:\WINNT\system32\win32k.sys e0 0xA003E90B \??\C:\WINNT\system32\win32k.sys e1 0xA0091951 \??\C:\WINNT\system32\win32k.sys e2 0xA0077D2A \??\C:\WINNT\system32\win32k.sys e3 0xA008AAF1 \??\C:\WINNT\system32\win32k.sys e4 0xA011D77C \??\C:\WINNT\system32\win32k.sys e5 0xA0115B0C \??\C:\WINNT\system32\win32k.sys e6 0xA011E419 \??\C:\WINNT\system32\win32k.sys e7 0xA003FB5B \??\C:\WINNT\system32\win32k.sys e8 0xA011E538 \??\C:\WINNT\system32\win32k.sys e9 0xA011F08F \??\C:\WINNT\system32\win32k.sys ea 0xA0109A34 \??\C:\WINNT\system32\win32k.sys eb 0xA009A062 \??\C:\WINNT\system32\win32k.sys ec 0xA005BFF2 \??\C:\WINNT\system32\win32k.sys ed 0xA004046D \??\C:\WINNT\system32\win32k.sys ee 0xA011EFA7 \??\C:\WINNT\system32\win32k.sys ef 0xA006B1F5 \??\C:\WINNT\system32\win32k.sys f0 0xA011F2F0 \??\C:\WINNT\system32\win32k.sys f1 0xA011F47D \??\C:\WINNT\system32\win32k.sys f2 0xA00996C4 \??\C:\WINNT\system32\win32k.sys f3 0xA0123093 \??\C:\WINNT\system32\win32k.sys f4 0xA0077470 \??\C:\WINNT\system32\win32k.sys f5 0xA00D714E \??\C:\WINNT\system32\win32k.sys f6 0xA0077480 \??\C:\WINNT\system32\win32k.sys f7 0xA00522DA \??\C:\WINNT\system32\win32k.sys f8 0xA011F9AB \??\C:\WINNT\system32\win32k.sys f9 0xA001C93D \??\C:\WINNT\system32\win32k.sys fa 0xA011EE7F \??\C:\WINNT\system32\win32k.sys fb 0xA00517DF \??\C:\WINNT\system32\win32k.sys fc 0xA00774B8 \??\C:\WINNT\system32\win32k.sys fd 0xA011EE8F \??\C:\WINNT\system32\win32k.sys fe 0xA006AC98 \??\C:\WINNT\system32\win32k.sys ff 0xA011FA75 \??\C:\WINNT\system32\win32k.sys 100 0xA007E645 \??\C:\WINNT\system32\win32k.sys 101 0xA004BE05 \??\C:\WINNT\system32\win32k.sys 102 0xA011ED4D \??\C:\WINNT\system32\win32k.sys 103 0xA00508A6 \??\C:\WINNT\system32\win32k.sys 104 0xA01213BE \??\C:\WINNT\system32\win32k.sys 105 0xA00779DD \??\C:\WINNT\system32\win32k.sys 106 0xA0001FDD \??\C:\WINNT\system32\win32k.sys 107 0xA004C93D \??\C:\WINNT\system32\win32k.sys 108 0xA004C982 \??\C:\WINNT\system32\win32k.sys 109 0xA004CF06 \??\C:\WINNT\system32\win32k.sys 10a 0xA0123599 \??\C:\WINNT\system32\win32k.sys 10b 0xA004C474 \??\C:\WINNT\system32\win32k.sys 10c 0xA004C5FD \??\C:\WINNT\system32\win32k.sys 10d 0xA011F99F \??\C:\WINNT\system32\win32k.sys 10e 0xA011F993 \??\C:\WINNT\system32\win32k.sys 10f 0xA007797F \??\C:\WINNT\system32\win32k.sys 110 0xA00806F3 \??\C:\WINNT\system32\win32k.sys 111 0xA01330C1 \??\C:\WINNT\system32\win32k.sys 112 0xA011EF8C \??\C:\WINNT\system32\win32k.sys 113 0xA011EF33 \??\C:\WINNT\system32\win32k.sys 114 0xA01322A9 \??\C:\WINNT\system32\win32k.sys 115 0xA0053FAD \??\C:\WINNT\system32\win32k.sys 116 0xA004CE7D \??\C:\WINNT\system32\win32k.sys 117 0xA004C5AF \??\C:\WINNT\system32\win32k.sys 118 0xA0099A1F \??\C:\WINNT\system32\win32k.sys 119 0xA009BA39 \??\C:\WINNT\system32\win32k.sys 11a 0xA008B08D \??\C:\WINNT\system32\win32k.sys 11b 0xA0094A44 \??\C:\WINNT\system32\win32k.sys 11c 0xA00BEB07 \??\C:\WINNT\system32\win32k.sys 11d 0xA00AA173 \??\C:\WINNT\system32\win32k.sys 11e 0xA0133294 \??\C:\WINNT\system32\win32k.sys 11f 0xA003E999 \??\C:\WINNT\system32\win32k.sys 120 0xA0119E5C \??\C:\WINNT\system32\win32k.sys 121 0xA011FB8A \??\C:\WINNT\system32\win32k.sys 122 0xA011F1C4 \??\C:\WINNT\system32\win32k.sys 123 0xA011EF80 \??\C:\WINNT\system32\win32k.sys 124 0xA012324F \??\C:\WINNT\system32\win32k.sys 125 0xA011D5DF \??\C:\WINNT\system32\win32k.sys 126 0xA005D014 \??\C:\WINNT\system32\win32k.sys 127 0xA007ED1E \??\C:\WINNT\system32\win32k.sys 128 0xA00E3183 \??\C:\WINNT\system32\win32k.sys 129 0xA007E51C \??\C:\WINNT\system32\win32k.sys 12a 0xA0029892 \??\C:\WINNT\system32\win32k.sys 12b 0xA007DB09 \??\C:\WINNT\system32\win32k.sys 12c 0xA00E1971 \??\C:\WINNT\system32\win32k.sys 12d 0xA00E329F \??\C:\WINNT\system32\win32k.sys 12e 0xA003710F \??\C:\WINNT\system32\win32k.sys 12f 0xA0054168 \??\C:\WINNT\system32\win32k.sys 130 0xA00E16C4 \??\C:\WINNT\system32\win32k.sys 131 0xA007E6A1 \??\C:\WINNT\system32\win32k.sys 132 0xA0036980 \??\C:\WINNT\system32\win32k.sys 133 0xA0000CCD \??\C:\WINNT\system32\win32k.sys 134 0xA007988D \??\C:\WINNT\system32\win32k.sys 135 0xA0079D42 \??\C:\WINNT\system32\win32k.sys 136 0xA008AF79 \??\C:\WINNT\system32\win32k.sys 137 0xA004BE5F \??\C:\WINNT\system32\win32k.sys 138 0xA0015D95 \??\C:\WINNT\system32\win32k.sys 139 0xA0015DDD \??\C:\WINNT\system32\win32k.sys 13a 0xA007950D \??\C:\WINNT\system32\win32k.sys 13b 0xA009E0DD \??\C:\WINNT\system32\win32k.sys 13c 0xA00E1B81 \??\C:\WINNT\system32\win32k.sys 13d 0xA005E8F6 \??\C:\WINNT\system32\win32k.sys 13e 0xA00A9B79 \??\C:\WINNT\system32\win32k.sys 13f 0xA007039D \??\C:\WINNT\system32\win32k.sys 140 0xA00E055D \??\C:\WINNT\system32\win32k.sys 141 0xA0067C07 \??\C:\WINNT\system32\win32k.sys 142 0xA005DB2E \??\C:\WINNT\system32\win32k.sys 143 0xA005DB79 \??\C:\WINNT\system32\win32k.sys 144 0xA005B3B9 \??\C:\WINNT\system32\win32k.sys 145 0xA006901A \??\C:\WINNT\system32\win32k.sys 146 0xA0054963 \??\C:\WINNT\system32\win32k.sys 147 0xA003E955 \??\C:\WINNT\system32\win32k.sys 148 0xA0093ECC \??\C:\WINNT\system32\win32k.sys 149 0xA007B156 \??\C:\WINNT\system32\win32k.sys 14a 0xA0005EF5 \??\C:\WINNT\system32\win32k.sys 14b 0xA00E30FE \??\C:\WINNT\system32\win32k.sys 14c 0xA0068068 \??\C:\WINNT\system32\win32k.sys 14d 0xA003300A \??\C:\WINNT\system32\win32k.sys 14e 0xA00054F6 \??\C:\WINNT\system32\win32k.sys 14f 0xA00B22A1 \??\C:\WINNT\system32\win32k.sys 150 0xA005455A \??\C:\WINNT\system32\win32k.sys 151 0xA00B1448 \??\C:\WINNT\system32\win32k.sys 152 0xA006B3C3 \??\C:\WINNT\system32\win32k.sys 153 0xA007DB49 \??\C:\WINNT\system32\win32k.sys 154 0xA007D418 \??\C:\WINNT\system32\win32k.sys 155 0xA00A9D7E \??\C:\WINNT\system32\win32k.sys 156 0xA00349EC \??\C:\WINNT\system32\win32k.sys 157 0xA00E3145 \??\C:\WINNT\system32\win32k.sys 158 0xA008B13B \??\C:\WINNT\system32\win32k.sys 159 0xA0027A44 \??\C:\WINNT\system32\win32k.sys 15a 0xA00E38C9 \??\C:\WINNT\system32\win32k.sys 15b 0xA002A916 \??\C:\WINNT\system32\win32k.sys 15c 0xA00E1809 \??\C:\WINNT\system32\win32k.sys 15d 0xA00DF42C \??\C:\WINNT\system32\win32k.sys 15e 0xA00E0838 \??\C:\WINNT\system32\win32k.sys 15f 0xA00E0911 \??\C:\WINNT\system32\win32k.sys 160 0xA005DE69 \??\C:\WINNT\system32\win32k.sys 161 0xA0077BC7 \??\C:\WINNT\system32\win32k.sys 162 0xA00E1BD7 \??\C:\WINNT\system32\win32k.sys 163 0xA0067ED6 \??\C:\WINNT\system32\win32k.sys 164 0xA0062EB6 \??\C:\WINNT\system32\win32k.sys 165 0xA0093E54 \??\C:\WINNT\system32\win32k.sys 166 0xA006B371 \??\C:\WINNT\system32\win32k.sys 167 0xA00E09DE \??\C:\WINNT\system32\win32k.sys 168 0xA00299C6 \??\C:\WINNT\system32\win32k.sys 169 0xA00A8055 \??\C:\WINNT\system32\win32k.sys 16a 0xA00A96E4 \??\C:\WINNT\system32\win32k.sys 16b 0xA00A6382 \??\C:\WINNT\system32\win32k.sys 16c 0xA00DFB3C \??\C:\WINNT\system32\win32k.sys 16d 0xA006ADC0 \??\C:\WINNT\system32\win32k.sys 16e 0xA007EC89 \??\C:\WINNT\system32\win32k.sys 16f 0xA001E3C9 \??\C:\WINNT\system32\win32k.sys 170 0xA006C0E2 \??\C:\WINNT\system32\win32k.sys 171 0xA00E3BC3 \??\C:\WINNT\system32\win32k.sys 172 0xA00E028E \??\C:\WINNT\system32\win32k.sys 173 0xA00E0211 \??\C:\WINNT\system32\win32k.sys 174 0xA00E3676 \??\C:\WINNT\system32\win32k.sys 175 0xA00795EC \??\C:\WINNT\system32\win32k.sys 176 0xA00898AB \??\C:\WINNT\system32\win32k.sys 177 0xA00E1323 \??\C:\WINNT\system32\win32k.sys 178 0xA00347EE \??\C:\WINNT\system32\win32k.sys 179 0xA0077FD1 \??\C:\WINNT\system32\win32k.sys 17a 0xA0067F8B \??\C:\WINNT\system32\win32k.sys 17b 0xA0089EF2 \??\C:\WINNT\system32\win32k.sys 17c 0xA008B0F0 \??\C:\WINNT\system32\win32k.sys 17d 0xA007AF02 \??\C:\WINNT\system32\win32k.sys 17e 0xA00E0A24 \??\C:\WINNT\system32\win32k.sys 17f 0xA00E05EB \??\C:\WINNT\system32\win32k.sys 180 0xA00DFFAF \??\C:\WINNT\system32\win32k.sys 181 0xA0073A61 \??\C:\WINNT\system32\win32k.sys 182 0xA0064BB7 \??\C:\WINNT\system32\win32k.sys 183 0xA007AE54 \??\C:\WINNT\system32\win32k.sys 184 0xA007ED93 \??\C:\WINNT\system32\win32k.sys 185 0xA00E0089 \??\C:\WINNT\system32\win32k.sys 186 0xA0018D94 \??\C:\WINNT\system32\win32k.sys 187 0xA007EE45 \??\C:\WINNT\system32\win32k.sys 188 0xA008AEF2 \??\C:\WINNT\system32\win32k.sys 189 0xA0028605 \??\C:\WINNT\system32\win32k.sys 18a 0xA00B8F27 \??\C:\WINNT\system32\win32k.sys 18b 0xA00DFE1F \??\C:\WINNT\system32\win32k.sys 18c 0xA009234F \??\C:\WINNT\system32\win32k.sys 18d 0xA0077C92 \??\C:\WINNT\system32\win32k.sys 18e 0xA00E3533 \??\C:\WINNT\system32\win32k.sys 18f 0xA00E33B4 \??\C:\WINNT\system32\win32k.sys 190 0xA00DFBE1 \??\C:\WINNT\system32\win32k.sys 191 0xA006AF30 \??\C:\WINNT\system32\win32k.sys 192 0xA00B0805 \??\C:\WINNT\system32\win32k.sys 193 0xA006CFB9 \??\C:\WINNT\system32\win32k.sys 194 0xA004B5F8 \??\C:\WINNT\system32\win32k.sys 195 0xA0078F7D \??\C:\WINNT\system32\win32k.sys 196 0xA00E005F \??\C:\WINNT\system32\win32k.sys 197 0xA00E03B7 \??\C:\WINNT\system32\win32k.sys 198 0xA00E0729 \??\C:\WINNT\system32\win32k.sys 199 0xA00AFF64 \??\C:\WINNT\system32\win32k.sys 19a 0xA001557C \??\C:\WINNT\system32\win32k.sys 19b 0xA00E0F5A \??\C:\WINNT\system32\win32k.sys 19c 0xA005B042 \??\C:\WINNT\system32\win32k.sys 19d 0xA003E974 \??\C:\WINNT\system32\win32k.sys 19e 0xA00B121A \??\C:\WINNT\system32\win32k.sys 19f 0xA005AD37 \??\C:\WINNT\system32\win32k.sys 1a0 0xA00E015E \??\C:\WINNT\system32\win32k.sys 1a1 0xA003A283 \??\C:\WINNT\system32\win32k.sys 1a2 0xA005AC7E \??\C:\WINNT\system32\win32k.sys 1a3 0xA0028D97 \??\C:\WINNT\system32\win32k.sys 1a4 0xA00DFEE0 \??\C:\WINNT\system32\win32k.sys 1a5 0xA003812E \??\C:\WINNT\system32\win32k.sys 1a6 0xA00401A8 \??\C:\WINNT\system32\win32k.sys 1a7 0xA00795BA \??\C:\WINNT\system32\win32k.sys 1a8 0xA007E0FE \??\C:\WINNT\system32\win32k.sys 1a9 0xA00D6446 \??\C:\WINNT\system32\win32k.sys 1aa 0xA00DF067 \??\C:\WINNT\system32\win32k.sys 1ab 0xA0079439 \??\C:\WINNT\system32\win32k.sys 1ac 0xA004B2C9 \??\C:\WINNT\system32\win32k.sys 1ad 0xA00E198D \??\C:\WINNT\system32\win32k.sys 1ae 0xA000F37B \??\C:\WINNT\system32\win32k.sys 1af 0xA000C517 \??\C:\WINNT\system32\win32k.sys 1b0 0xA00B612C \??\C:\WINNT\system32\win32k.sys 1b1 0xA00B8FB8 \??\C:\WINNT\system32\win32k.sys 1b2 0xA00296AD \??\C:\WINNT\system32\win32k.sys 1b3 0xA006A94B \??\C:\WINNT\system32\win32k.sys 1b4 0xA007AF50 \??\C:\WINNT\system32\win32k.sys 1b5 0xA001966F \??\C:\WINNT\system32\win32k.sys 1b6 0xA00B94A9 \??\C:\WINNT\system32\win32k.sys 1b7 0xA00008F1 \??\C:\WINNT\system32\win32k.sys 1b8 0xA00AA142 \??\C:\WINNT\system32\win32k.sys 1b9 0xA00DF336 \??\C:\WINNT\system32\win32k.sys 1ba 0xA007BF9B \??\C:\WINNT\system32\win32k.sys 1bb 0xA00E1298 \??\C:\WINNT\system32\win32k.sys 1bc 0xA0018B5E \??\C:\WINNT\system32\win32k.sys 1bd 0xA006965B \??\C:\WINNT\system32\win32k.sys 1be 0xA00E0B4A \??\C:\WINNT\system32\win32k.sys 1bf 0xA00E0A90 \??\C:\WINNT\system32\win32k.sys 1c0 0xA007E718 \??\C:\WINNT\system32\win32k.sys 1c1 0xA007D84C \??\C:\WINNT\system32\win32k.sys 1c2 0xA00E386B \??\C:\WINNT\system32\win32k.sys 1c3 0xA005ACFA \??\C:\WINNT\system32\win32k.sys 1c4 0xA00DFDC8 \??\C:\WINNT\system32\win32k.sys 1c5 0xA0067D47 \??\C:\WINNT\system32\win32k.sys 1c6 0xA0053CF8 \??\C:\WINNT\system32\win32k.sys 1c7 0xA000098D \??\C:\WINNT\system32\win32k.sys 1c8 0xA005424A \??\C:\WINNT\system32\win32k.sys 1c9 0xA005D443 \??\C:\WINNT\system32\win32k.sys 1ca 0xA0018AA8 \??\C:\WINNT\system32\win32k.sys 1cb 0xA0015799 \??\C:\WINNT\system32\win32k.sys 1cc 0xA001B951 \??\C:\WINNT\system32\win32k.sys 1cd 0xA005C576 \??\C:\WINNT\system32\win32k.sys 1ce 0xA00E13D3 \??\C:\WINNT\system32\win32k.sys 1cf 0xA00E3224 \??\C:\WINNT\system32\win32k.sys 1d0 0xA00E185C \??\C:\WINNT\system32\win32k.sys 1d1 0xA00E39AA \??\C:\WINNT\system32\win32k.sys 1d2 0xA002C7D3 \??\C:\WINNT\system32\win32k.sys 1d3 0xA00E0258 \??\C:\WINNT\system32\win32k.sys 1d4 0xA00790F1 \??\C:\WINNT\system32\win32k.sys 1d5 0xA0059D3F \??\C:\WINNT\system32\win32k.sys 1d6 0xA0000FE4 \??\C:\WINNT\system32\win32k.sys 1d7 0xA00DFD23 \??\C:\WINNT\system32\win32k.sys 1d8 0xA002B66A \??\C:\WINNT\system32\win32k.sys 1d9 0xA008B00E \??\C:\WINNT\system32\win32k.sys 1da 0xA007A5F8 \??\C:\WINNT\system32\win32k.sys 1db 0xA005D986 \??\C:\WINNT\system32\win32k.sys 1dc 0xA00B6495 \??\C:\WINNT\system32\win32k.sys 1dd 0xA00A9F51 \??\C:\WINNT\system32\win32k.sys 1de 0xA00167EC \??\C:\WINNT\system32\win32k.sys 1df 0xA0067459 \??\C:\WINNT\system32\win32k.sys 1e0 0xA007658B \??\C:\WINNT\system32\win32k.sys 1e1 0xA006B026 \??\C:\WINNT\system32\win32k.sys 1e2 0xA0091E24 \??\C:\WINNT\system32\win32k.sys 1e3 0xA00781AC \??\C:\WINNT\system32\win32k.sys 1e4 0xA001B8F0 \??\C:\WINNT\system32\win32k.sys 1e5 0xA00E3610 \??\C:\WINNT\system32\win32k.sys 1e6 0xA007875B \??\C:\WINNT\system32\win32k.sys 1e7 0xA0070CBD \??\C:\WINNT\system32\win32k.sys 1e8 0xA00E0B8F \??\C:\WINNT\system32\win32k.sys 1e9 0xA0069092 \??\C:\WINNT\system32\win32k.sys 1ea 0xA005487C \??\C:\WINNT\system32\win32k.sys 1eb 0xA005CFCF \??\C:\WINNT\system32\win32k.sys 1ec 0xA0028AAB \??\C:\WINNT\system32\win32k.sys 1ed 0xA00E115D \??\C:\WINNT\system32\win32k.sys 1ee 0xA0092078 \??\C:\WINNT\system32\win32k.sys 1ef 0xA00E079A \??\C:\WINNT\system32\win32k.sys 1f0 0xA00796A1 \??\C:\WINNT\system32\win32k.sys 1f1 0xA00B93A5 \??\C:\WINNT\system32\win32k.sys 1f2 0xA00E3482 \??\C:\WINNT\system32\win32k.sys 1f3 0xA00E36F6 \??\C:\WINNT\system32\win32k.sys 1f4 0xA005B621 \??\C:\WINNT\system32\win32k.sys 1f5 0xA005CF92 \??\C:\WINNT\system32\win32k.sys 1f6 0xA00E048C \??\C:\WINNT\system32\win32k.sys 1f7 0xA006CEC0 \??\C:\WINNT\system32\win32k.sys 1f8 0xA0006E5F \??\C:\WINNT\system32\win32k.sys 1f9 0xA00695B7 \??\C:\WINNT\system32\win32k.sys 1fa 0xA00AA0CC \??\C:\WINNT\system32\win32k.sys 1fb 0xA00AFD5C \??\C:\WINNT\system32\win32k.sys 1fc 0xA00E080E \??\C:\WINNT\system32\win32k.sys 1fd 0xA00DF0A9 \??\C:\WINNT\system32\win32k.sys 1fe 0xA007DE1D \??\C:\WINNT\system32\win32k.sys 1ff 0xA0053CDA \??\C:\WINNT\system32\win32k.sys 200 0xA007A571 \??\C:\WINNT\system32\win32k.sys 201 0xA00E0780 \??\C:\WINNT\system32\win32k.sys 202 0xA0016F12 \??\C:\WINNT\system32\win32k.sys 203 0xA000102F \??\C:\WINNT\system32\win32k.sys 204 0xA00E0BC2 \??\C:\WINNT\system32\win32k.sys 205 0xA00E110D \??\C:\WINNT\system32\win32k.sys 206 0xA006E779 \??\C:\WINNT\system32\win32k.sys 207 0xA00B08AB \??\C:\WINNT\system32\win32k.sys 208 0xA0053C7B \??\C:\WINNT\system32\win32k.sys 209 0xA00E37F1 \??\C:\WINNT\system32\win32k.sys 20a 0xA007EC20 \??\C:\WINNT\system32\win32k.sys 20b 0xA0018C55 \??\C:\WINNT\system32\win32k.sys 20c 0xA0079B77 \??\C:\WINNT\system32\win32k.sys 20d 0xA00382DE \??\C:\WINNT\system32\win32k.sys 20e 0xA004821D \??\C:\WINNT\system32\win32k.sys 20f 0xA002EAB1 \??\C:\WINNT\system32\win32k.sys 210 0xA0094217 \??\C:\WINNT\system32\win32k.sys 211 0xA0000577 \??\C:\WINNT\system32\win32k.sys 212 0xA003B694 \??\C:\WINNT\system32\win32k.sys 213 0xA0004DD8 \??\C:\WINNT\system32\win32k.sys 214 0xA0070C8A \??\C:\WINNT\system32\win32k.sys 215 0xA00DFD4D \??\C:\WINNT\system32\win32k.sys 216 0xA007946B \??\C:\WINNT\system32\win32k.sys 217 0xA006BF1A \??\C:\WINNT\system32\win32k.sys 218 0xA003764A \??\C:\WINNT\system32\win32k.sys 219 0xA005D8E1 \??\C:\WINNT\system32\win32k.sys 21a 0xA00E1420 \??\C:\WINNT\system32\win32k.sys 21b 0xA0000A36 \??\C:\WINNT\system32\win32k.sys 21c 0xA002280F \??\C:\WINNT\system32\win32k.sys 21d 0xA00B6AFA \??\C:\WINNT\system32\win32k.sys 21e 0xA006E7F2 \??\C:\WINNT\system32\win32k.sys 21f 0xA0023155 \??\C:\WINNT\system32\win32k.sys 220 0xA0066D64 \??\C:\WINNT\system32\win32k.sys 221 0xA0061046 \??\C:\WINNT\system32\win32k.sys 222 0xA00E0DF8 \??\C:\WINNT\system32\win32k.sys 223 0xA0080965 \??\C:\WINNT\system32\win32k.sys 224 0xA007B708 \??\C:\WINNT\system32\win32k.sys 225 0xA003B994 \??\C:\WINNT\system32\win32k.sys 226 0xA00DFD9C \??\C:\WINNT\system32\win32k.sys 227 0xA00E17E5 \??\C:\WINNT\system32\win32k.sys 228 0xA000087E \??\C:\WINNT\system32\win32k.sys 229 0xA005E5B8 \??\C:\WINNT\system32\win32k.sys 22a 0xA00E0EFC \??\C:\WINNT\system32\win32k.sys 22b 0xA00E31DE \??\C:\WINNT\system32\win32k.sys 22c 0xA00DFA9D \??\C:\WINNT\system32\win32k.sys 22d 0xA00A45B1 \??\C:\WINNT\system32\win32k.sys 22e 0xA00E3D00 \??\C:\WINNT\system32\win32k.sys 22f 0xA0003609 \??\C:\WINNT\system32\win32k.sys 230 0xA00E1462 \??\C:\WINNT\system32\win32k.sys 231 0xA00E1446 \??\C:\WINNT\system32\win32k.sys 232 0xA0089D91 \??\C:\WINNT\system32\win32k.sys 233 0xA007B9D9 \??\C:\WINNT\system32\win32k.sys 234 0xA0060573 \??\C:\WINNT\system32\win32k.sys 235 0xA00A9747 \??\C:\WINNT\system32\win32k.sys 236 0xA0018B39 \??\C:\WINNT\system32\win32k.sys 237 0xA00DF0A4 \??\C:\WINNT\system32\win32k.sys 238 0xA002CAD8 \??\C:\WINNT\system32\win32k.sys 239 0xA00B6ACA \??\C:\WINNT\system32\win32k.sys 23a 0xA00DEF09 \??\C:\WINNT\system32\win32k.sys 23b 0xA00DEF4F \??\C:\WINNT\system32\win32k.sys 23c 0xA00DEF98 \??\C:\WINNT\system32\win32k.sys 23d 0xA00DEFE8 \??\C:\WINNT\system32\win32k.sys 23e 0xA00DF021 \??\C:\WINNT\system32\win32k.sys 23f 0xA009B9D9 \??\C:\WINNT\system32\win32k.sys 240 0xA00AA3EE \??\C:\WINNT\system32\win32k.sys 241 0xA009B593 \??\C:\WINNT\system32\win32k.sys 242 0xA0135959 \??\C:\WINNT\system32\win32k.sys 243 0xA00436AD \??\C:\WINNT\system32\win32k.sys 244 0xA00457D5 \??\C:\WINNT\system32\win32k.sys 245 0xA013365D \??\C:\WINNT\system32\win32k.sys 246 0xA004100E \??\C:\WINNT\system32\win32k.sys 247 0xA009A713 \??\C:\WINNT\system32\win32k.sys 248 0xA013520E \??\C:\WINNT\system32\win32k.sys 249 0xA00AA49B \??\C:\WINNT\system32\win32k.sys 24a 0xA00AA39B \??\C:\WINNT\system32\win32k.sys 24b 0xA00AB04E \??\C:\WINNT\system32\win32k.sys 24c 0xA00B4691 \??\C:\WINNT\system32\win32k.sys 24d 0xA0133E02 \??\C:\WINNT\system32\win32k.sys 24e 0xA00BE93C \??\C:\WINNT\system32\win32k.sys 24f 0xA00BDF2A \??\C:\WINNT\system32\win32k.sys 250 0xA0134458 \??\C:\WINNT\system32\win32k.sys 251 0xA00BD5E7 \??\C:\WINNT\system32\win32k.sys 252 0xA01346EF \??\C:\WINNT\system32\win32k.sys 253 0xA0134876 \??\C:\WINNT\system32\win32k.sys 254 0xA0134A04 \??\C:\WINNT\system32\win32k.sys 255 0xA0134BFB \??\C:\WINNT\system32\win32k.sys 256 0xA0134E64 \??\C:\WINNT\system32\win32k.sys 257 0xA00AAE3B \??\C:\WINNT\system32\win32k.sys 258 0xA0133A74 \??\C:\WINNT\system32\win32k.sys 259 0xA0135C86 \??\C:\WINNT\system32\win32k.sys 25a 0xA0135D21 \??\C:\WINNT\system32\win32k.sys 25b 0xA0135C4F \??\C:\WINNT\system32\win32k.sys 25c 0xA01353B2 \??\C:\WINNT\system32\win32k.sys 25d 0xA013536E \??\C:\WINNT\system32\win32k.sys 25e 0xA01352EA \??\C:\WINNT\system32\win32k.sys 25f 0xA0135310 \??\C:\WINNT\system32\win32k.sys 260 0xA0135332 \??\C:\WINNT\system32\win32k.sys 261 0xA013534C \??\C:\WINNT\system32\win32k.sys 262 0xA01354C7 \??\C:\WINNT\system32\win32k.sys 263 0xA0135442 \??\C:\WINNT\system32\win32k.sys 264 0xA0135486 \??\C:\WINNT\system32\win32k.sys 265 0xA004C56A \??\C:\WINNT\system32\win32k.sys 266 0xA009AD10 \??\C:\WINNT\system32\win32k.sys 267 0xA009A930 \??\C:\WINNT\system32\win32k.sys 268 0xA00AA83C \??\C:\WINNT\system32\win32k.sys 269 0xA009A9E2 \??\C:\WINNT\system32\win32k.sys 26a 0xA00AA8A7 \??\C:\WINNT\system32\win32k.sys 26b 0xA009A627 \??\C:\WINNT\system32\win32k.sys 26c 0xA0135682 \??\C:\WINNT\system32\win32k.sys 26d 0xA013577D \??\C:\WINNT\system32\win32k.sys 26e 0xA0135B73 \??\C:\WINNT\system32\win32k.sys 26f 0xA01355D6 \??\C:\WINNT\system32\win32k.sys 270 0xA01358C5 \??\C:\WINNT\system32\win32k.sys 271 0xA009A774 \??\C:\WINNT\system32\win32k.sys 272 0xA00AA534 \??\C:\WINNT\system32\win32k.sys 273 0xA009A78A \??\C:\WINNT\system32\win32k.sys 274 0xA01358FE \??\C:\WINNT\system32\win32k.sys 275 0xA004F92E \??\C:\WINNT\system32\win32k.sys 276 0xA004F9DB \??\C:\WINNT\system32\win32k.sys 277 0xA004F9AF \??\C:\WINNT\system32\win32k.sys 278 0xA01359E0 \??\C:\WINNT\system32\win32k.sys 279 0xA0135A87 \??\C:\WINNT\system32\win32k.sys 27a 0xA0135935 \??\C:\WINNT\system32\win32k.sys 27b 0xA0135D60 \??\C:\WINNT\system32\win32k.sys 27c 0xA0135DC3 \??\C:\WINNT\system32\win32k.sys 27d 0xA0135E52 \??\C:\WINNT\system32\win32k.sys 27e 0xA01155D8 \??\C:\WINNT\system32\win32k.sys PspCidTable: 0x8046B360(46b360) 1. TABLE: 0xFCE250A8(14420a8): Table: 0xE1004000 QuotaProcess: ProcessId: 0 HandleCount: 288 CapturedHandleCount: 288 TableLevel: 2 StrictFIFO: No OBJECT: 0xFCE009E0(141d9e0) Type: 6 Thread Object Header: 0xFCE009C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000004 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCE00C60(141dc60) Type: 5 Process Object Header: 0xFCE00C48 GrantedAccess: 0 PointerCount: 43 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: System OBJECT: 0xFCE00280(141d280) Type: 6 Thread Object Header: 0xFCE00268 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000000C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFF020(141c020) Type: 6 Thread Object Header: 0xFCDFF008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000010 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFFDA0(141cda0) Type: 6 Thread Object Header: 0xFCDFFD88 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000014 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFFB20(141cb20) Type: 6 Thread Object Header: 0xFCDFFB08 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000018 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFF8A0(141c8a0) Type: 6 Thread Object Header: 0xFCDFF888 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000001C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFF620(141c620) Type: 6 Thread Object Header: 0xFCDFF608 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000020 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFF3A0(141c3a0) Type: 6 Thread Object Header: 0xFCDFF388 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000024 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFE020(141b020) Type: 6 Thread Object Header: 0xFCDFE008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000028 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFEDA0(141bda0) Type: 6 Thread Object Header: 0xFCDFED88 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000002C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFEB20(141bb20) Type: 6 Thread Object Header: 0xFCDFEB08 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000030 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFD1E0(141a1e0) Type: 6 Thread Object Header: 0xFCDFD1C8 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000034 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFC020(1419020) Type: 6 Thread Object Header: 0xFCDFC008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000038 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFCDA0(1419da0) Type: 6 Thread Object Header: 0xFCDFCD88 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000003C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFCB20(1419b20) Type: 6 Thread Object Header: 0xFCDFCB08 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000040 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFC2E0(14192e0) Type: 6 Thread Object Header: 0xFCDFC2C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000044 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDF8020(1415020) Type: 6 Thread Object Header: 0xFCDF8008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000048 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCE13020(1430020) Type: 6 Thread Object Header: 0xFCE13008 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000004C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD30BC0(134dbc0) Type: 6 Thread Object Header: 0xFCD30BA8 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000050 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDC8840(13e5840) Type: 6 Thread Object Header: 0xFCDC8828 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000054 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD45020(1362020) Type: 6 Thread Object Header: 0xFCD45008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000058 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD33B20(1350b20) Type: 6 Thread Object Header: 0xFCD33B08 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000005C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCC94460(12b1460) Type: 6 Thread Object Header: 0xFCC94448 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000009C.00000060 ThreadsProcess: 0xFCC992C0 OBJECT: 0xFCD619E0(137e9e0) Type: 6 Thread Object Header: 0xFCD619C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000064 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD1D8A0(133a8a0) Type: 6 Thread Object Header: 0xFCD1D888 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000068 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD1D620(133a620) Type: 6 Thread Object Header: 0xFCD1D608 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000006C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD1CDA0(1339da0) Type: 6 Thread Object Header: 0xFCD1CD88 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000070 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD61760(137e760) Type: 6 Thread Object Header: 0xFCD61748 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000074 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD614E0(137e4e0) Type: 6 Thread Object Header: 0xFCD614C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000078 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCCF07E0(130d7e0) Type: 6 Thread Object Header: 0xFCCF07C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000007C ThreadsProcess: 0xFCE00C60 OBJECT: 0x82000000 OBJECT: 0xFCC96020(12b3020) Type: 6 Thread Object Header: 0xFCC96008 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000084 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCC96B20(12b3b20) Type: 6 Thread Object Header: 0xFCC96B08 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000088 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCC968A0(12b38a0) Type: 6 Thread Object Header: 0xFCC96888 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000008C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCC68020(1285020) Type: 6 Thread Object Header: 0xFCC68008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000090 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFCC99680(12b6680) Type: 6 Thread Object Header: 0xFCC99668 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000094 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCC94D60(12b1d60) Type: 6 Thread Object Header: 0xFCC94D48 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000009C.00000098 ThreadsProcess: 0xFCC992C0 OBJECT: 0xFCC992C0(12b62c0) Type: 5 Process Object Header: 0xFCC992A8 GrantedAccess: 0 PointerCount: 12 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: smss.exe OBJECT: 0xFCC941C0(12b11c0) Type: 6 Thread Object Header: 0xFCC941A8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000009C.000000A0 ThreadsProcess: 0xFCC992C0 OBJECT: 0xFCC69D80(1286d80) Type: 6 Thread Object Header: 0xFCC69D68 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000009C.000000A4 ThreadsProcess: 0xFCC992C0 OBJECT: 0xFCC69020(1286020) Type: 6 Thread Object Header: 0xFCC69008 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000009C.000000A8 ThreadsProcess: 0xFCC992C0 OBJECT: 0xFCC69A40(1286a40) Type: 6 Thread Object Header: 0xFCC69A28 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000009C.000000AC ThreadsProcess: 0xFCC992C0 OBJECT: 0xFCA28D60(1045d60) Type: 5 Process Object Header: 0xFCA28D48 GrantedAccess: 0 PointerCount: 212 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: winlogon.exe OBJECT: 0xFCC69480(1286480) Type: 5 Process Object Header: 0xFCC69468 GrantedAccess: 0 PointerCount: 146 HandleCount: 3 SecurityDescriptor: 0xE1D15998(4252998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x20c79;;;SY) ImageFileName: csrss.exe OBJECT: 0xFCC60AC0(127dac0) Type: 6 Thread Object Header: 0xFCC60AA8 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000B8 ThreadsProcess: 0xFCC69480 OBJECT: 0xFCA297A0(10467a0) Type: 6 Thread Object Header: 0xFCA29788 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000BC ThreadsProcess: 0xFCC69480 OBJECT: 0xFCA293C0(10463c0) Type: 6 Thread Object Header: 0xFCA293A8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C0 ThreadsProcess: 0xFCC69480 OBJECT: 0xFCA28020(1045020) Type: 6 Thread Object Header: 0xFCA28008 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C4 ThreadsProcess: 0xFCC69480 OBJECT: 0xFCA264E0(10434e0) Type: 6 Thread Object Header: 0xFCA264C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C8 ThreadsProcess: 0xFCC69480 OBJECT: 0xFF29FD20(516dd20) Type: 6 Thread Object Header: 0xFF29FD08 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000CC ThreadsProcess: 0xFCC69480 OBJECT: 0xFF29F5E0(516d5e0) Type: 6 Thread Object Header: 0xFF29F5C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000D0 ThreadsProcess: 0xFCC69480 OBJECT: 0xFF0EB400(6e7a400) Type: 6 Thread Object Header: 0xFF0EB3E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.000000D4 ThreadsProcess: 0xFF144020 OBJECT: 0xFF29DCA0(520aca0) Type: 6 Thread Object Header: 0xFF29DC88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000D8 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF29D6C0(520a6c0) Type: 6 Thread Object Header: 0xFF29D6A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000DC ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF1E3C00(61cc00) Type: 6 Thread Object Header: 0xFF1E3BE8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000E0 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF29D080(520a080) Type: 5 Process Object Header: 0xFF29D068 GrantedAccess: 0 PointerCount: 294 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: services.exe OBJECT: 0xFF29CA20(5273a20) Type: 6 Thread Object Header: 0xFF29CA08 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000E8 ThreadsProcess: 0xFCA28D60 OBJECT: 0x82000000 OBJECT: 0xFF29BA80(529ea80) Type: 5 Process Object Header: 0xFF29BA68 GrantedAccess: 0 PointerCount: 117 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xFF298020(536e020) Type: 6 Thread Object Header: 0xFF298008 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000F4 ThreadsProcess: 0xFCC69480 OBJECT: 0xFF297220(5379220) Type: 6 Thread Object Header: 0xFF297208 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000F8 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF296020(53bd020) Type: 6 Thread Object Header: 0xFF296008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000000FC ThreadsProcess: 0xFF29D080 OBJECT: 0xFF295020(5556020) Type: 6 Thread Object Header: 0xFF295008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000100 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF295BE0(5556be0) Type: 6 Thread Object Header: 0xFF295BC8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000104 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF295780(5556780) Type: 6 Thread Object Header: 0xFF295768 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000108 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF177360(40b4360) Type: 6 Thread Object Header: 0xFF177348 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.0000010C ThreadsProcess: 0xFF27E840 OBJECT: 0xFF2949E0(55679e0) Type: 6 Thread Object Header: 0xFF2949C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000110 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF294500(5567500) Type: 6 Thread Object Header: 0xFF2944E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000114 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF290720(560b720) Type: 6 Thread Object Header: 0xFF290708 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000118 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF0DAD60(414dd60) Type: 5 Process Object Header: 0xFF0DAD48 GrantedAccess: 0 PointerCount: 10 HandleCount: 3 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: dd.exe OBJECT: 0xFF28F720(575b720) Type: 6 Thread Object Header: 0xFF28F708 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000120 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF1D4020(45aa020) Type: 6 Thread Object Header: 0xFF1D4008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.00000124 ThreadsProcess: 0xFF27E840 OBJECT: 0xFF0D94A0(2d8e4a0) Type: 6 Thread Object Header: 0xFF0D9488 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000128 ThreadsProcess: 0xFF144020 OBJECT: 0xFF28EDA0(57a0da0) Type: 6 Thread Object Header: 0xFF28ED88 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.0000012C ThreadsProcess: 0xFF29BA80 OBJECT: 0x82000000 OBJECT: 0xFF17B980(2dc3980) Type: 6 Thread Object Header: 0xFF17B968 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000250.00000134 ThreadsProcess: 0xFF191640 OBJECT: 0xFF1BE020(5dc2020) Type: 6 Thread Object Header: 0xFF1BE008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000138 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF28BD60(579dd60) Type: 6 Thread Object Header: 0xFF28BD48 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000013C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF28D6C0(58b36c0) Type: 6 Thread Object Header: 0xFF28D6A8 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000140 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF144020(306020) Type: 5 Process Object Header: 0xFF144008 GrantedAccess: 0 PointerCount: 100 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: helix.exe OBJECT: 0xFF1FBDA0(d8dda0) Type: 6 Thread Object Header: 0xFF1FBD88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000148 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF28B6E0(579d6e0) Type: 6 Thread Object Header: 0xFF28B6C8 GrantedAccess: 0 PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000014C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1B7700(6e2700) Type: 6 Thread Object Header: 0xFF1B76E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000150 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF1E7020(7e4020) Type: 6 Thread Object Header: 0xFF1E7008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000154 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF289020(58c3020) Type: 6 Thread Object Header: 0xFF289008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000158 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF286DA0(5952da0) Type: 6 Thread Object Header: 0xFF286D88 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000015C ThreadsProcess: 0xFF29D080 OBJECT: 0x82000000 OBJECT: 0xFF1CF020(682020) Type: 6 Thread Object Header: 0xFF1CF008 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000164 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF2875A0(590d5a0) Type: 6 Thread Object Header: 0xFF287588 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000168 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF287240(590d240) Type: 6 Thread Object Header: 0xFF287228 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000016C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF286460(5952460) Type: 6 Thread Object Header: 0xFF286448 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000170 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF2861E0(59521e0) Type: 6 Thread Object Header: 0xFF2861C8 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000174 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF282A60(5b8da60) Type: 6 Thread Object Header: 0xFF282A48 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000178 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF281580(5bdd580) Type: 6 Thread Object Header: 0xFF281568 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000017C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF280560(5bfe560) Type: 6 Thread Object Header: 0xFF280548 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000180 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF280D40(5bfed40) Type: 6 Thread Object Header: 0xFF280D28 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000184 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF2446E0(6a776e0) Type: 6 Thread Object Header: 0xFF2446C8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000188 ThreadsProcess: 0xFF244020 OBJECT: 0xFF27F260(5ca7260) Type: 6 Thread Object Header: 0xFF27F248 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000018C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF278580(5d81580) Type: 6 Thread Object Header: 0xFF278568 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.00000190 ThreadsProcess: 0xFF27E840 OBJECT: 0xFF27E540(5bec540) Type: 6 Thread Object Header: 0xFF27E528 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.00000194 ThreadsProcess: 0xFF27E840 OBJECT: 0xFF27E840(5bec840) Type: 5 Process Object Header: 0xFF27E828 GrantedAccess: 0 PointerCount: 110 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF27C9E0(5d6f9e0) Type: 6 Thread Object Header: 0xFF27C9C8 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.0000019C ThreadsProcess: 0xFF27E840 OBJECT: 0xFF27BCE0(5cf0ce0) Type: 6 Thread Object Header: 0xFF27BCC8 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001A0 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF27BA40(5cf0a40) Type: 6 Thread Object Header: 0xFF27BA28 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001A4 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF12C020(5abe020) Type: 6 Thread Object Header: 0xFF12C008 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.000001A8 ThreadsProcess: 0xFF15B020 OBJECT: 0xFF275960(5dcd960) Type: 6 Thread Object Header: 0xFF275948 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.000001AC ThreadsProcess: 0xFF27E840 OBJECT: 0xFF278020(5d81020) Type: 6 Thread Object Header: 0xFF278008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001B0 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF2744C0(5dce4c0) Type: 5 Process Object Header: 0xFF2744A8 GrantedAccess: 0 PointerCount: 48 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: spoolsv.exe OBJECT: 0xFF273120(5df1120) Type: 6 Thread Object Header: 0xFF273108 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001B8 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF272980(5f25980) Type: 6 Thread Object Header: 0xFF272968 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001BC ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF193020(206b020) Type: 6 Thread Object Header: 0xFF193008 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.000001C0 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF1B9900(76f8900) Type: 6 Thread Object Header: 0xFF1B98E8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001C4 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF272220(5f25220) Type: 6 Thread Object Header: 0xFF272208 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001C8 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF26F6A0(61536a0) Type: 6 Thread Object Header: 0xFF26F688 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.000001CC ThreadsProcess: 0xFF26F9E0 OBJECT: 0xFF26F9E0(61539e0) Type: 5 Process Object Header: 0xFF26F9C8 GrantedAccess: 0 PointerCount: 21 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: Avsynmgr.exe OBJECT: 0xFF26E220(5fbb220) Type: 6 Thread Object Header: 0xFF26E208 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.000001D4 ThreadsProcess: 0xFF26F9E0 OBJECT: 0xFF26DD40(5f3ad40) Type: 6 Thread Object Header: 0xFF26DD28 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001D8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF266D00(6020d00) Type: 6 Thread Object Header: 0xFF266CE8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000001DC ThreadsProcess: 0xFF27D020 OBJECT: 0xFF27D020(5c70020) Type: 5 Process Object Header: 0xFF27D008 GrantedAccess: 0 PointerCount: 113 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF170CC0(611ecc0) Type: 6 Thread Object Header: 0xFF170CA8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000250.000001E4 ThreadsProcess: 0xFF191640 OBJECT: 0xFF264020(62d3020) Type: 6 Thread Object Header: 0xFF264008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000001E8 ThreadsProcess: 0xFF27D020 OBJECT: 0x82000000 OBJECT: 0xFF25C200(64a7200) Type: 6 Thread Object Header: 0xFF25C1E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001F0 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1F95A0(e905a0) Type: 6 Thread Object Header: 0xFF1F9588 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001F4 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF25BDA0(65b9da0) Type: 6 Thread Object Header: 0xFF25BD88 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001F8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF25B760(65b9760) Type: 6 Thread Object Header: 0xFF25B748 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000001FC ThreadsProcess: 0xFF27D020 OBJECT: 0xFF13F8A0(6ffc8a0) Type: 6 Thread Object Header: 0xFF13F888 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000200 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF24E7C0(66c57c0) Type: 6 Thread Object Header: 0xFF24E7A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.00000204 ThreadsProcess: 0xFF26F9E0 OBJECT: 0xFF2513E0(65f23e0) Type: 6 Thread Object Header: 0xFF2513C8 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000208 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF24D380(6704380) Type: 6 Thread Object Header: 0xFF24D368 GrantedAccess: 0 PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.0000020C ThreadsProcess: 0xFF244020 OBJECT: 0xFF26D9A0(5f3a9a0) Type: 6 Thread Object Header: 0xFF26D988 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.00000210 ThreadsProcess: 0xFCC69480 OBJECT: 0xFF24B020(66ea020) Type: 6 Thread Object Header: 0xFF24B008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000214 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF24A020(6869020) Type: 6 Thread Object Header: 0xFF24A008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000021C.00000218 ThreadsProcess: 0xFF24B300 OBJECT: 0xFF24B300(66ea300) Type: 5 Process Object Header: 0xFF24B2E8 GrantedAccess: 0 PointerCount: 12 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: regsvc.exe OBJECT: 0xFF23AA40(6d9ea40) Type: 6 Thread Object Header: 0xFF23AA28 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000220 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF244DA0(6a77da0) Type: 6 Thread Object Header: 0xFF244D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000021C.00000224 ThreadsProcess: 0xFF24B300 OBJECT: 0xFF244020(6a77020) Type: 5 Process Object Header: 0xFF244008 GrantedAccess: 0 PointerCount: 90 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: MSTask.exe OBJECT: 0xFF0EEC00(5900c00) Type: 6 Thread Object Header: 0xFF0EEBE8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000022C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF23F020(6d42020) Type: 6 Thread Object Header: 0xFF23F008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000230 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF245020(6914020) Type: 6 Thread Object Header: 0xFF245008 GrantedAccess: 0 PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000234 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF23B540(6c75540) Type: 6 Thread Object Header: 0xFF23B528 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000238 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF23A6A0(6d9e6a0) Type: 6 Thread Object Header: 0xFF23A688 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.0000023C ThreadsProcess: 0xFF244020 OBJECT: 0xFF2390C0(6e890c0) Type: 6 Thread Object Header: 0xFF2390A8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000240 ThreadsProcess: 0xFF244020 OBJECT: 0xFF2372C0(6cca2c0) Type: 6 Thread Object Header: 0xFF2372A8 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000244 ThreadsProcess: 0xFF244020 OBJECT: 0xFF23A2A0(6d9e2a0) Type: 6 Thread Object Header: 0xFF23A288 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000248 ThreadsProcess: 0xFF244020 OBJECT: 0xFF114180(21c1180) Type: 6 Thread Object Header: 0xFF114168 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000458.0000024C ThreadsProcess: 0xFF119020 OBJECT: 0xFF191640(2138640) Type: 5 Process Object Header: 0xFF191628 GrantedAccess: 0 PointerCount: 15 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: dfrws2005.exe OBJECT: 0xFF2354A0(6e374a0) Type: 6 Thread Object Header: 0xFF235488 GrantedAccess: 0 PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000254 ThreadsProcess: 0xFF27D020 OBJECT: 0x82000000 OBJECT: 0xFF18B020(2b84020) Type: 6 Thread Object Header: 0xFF18B008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000025C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF231AC0(6f2dac0) Type: 6 Thread Object Header: 0xFF231AA8 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000264.00000260 ThreadsProcess: 0xFF231120 OBJECT: 0xFF231120(6f2d120) Type: 5 Process Object Header: 0xFF231108 GrantedAccess: 0 PointerCount: 23 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: VsStat.exe OBJECT: 0xFF22F020(7784020) Type: 6 Thread Object Header: 0xFF22F008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000264.00000268 ThreadsProcess: 0xFF231120 OBJECT: 0xFF132020(72bf020) Type: 6 Thread Object Header: 0xFF132008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003CC.0000026C ThreadsProcess: 0xFF18A6E0 OBJECT: 0xFF22F400(7784400) Type: 6 Thread Object Header: 0xFF22F3E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000274.00000270 ThreadsProcess: 0xFF22F780 OBJECT: 0xFF22F780(7784780) Type: 5 Process Object Header: 0xFF22F768 GrantedAccess: 0 PointerCount: 18 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: Avconsol.exe OBJECT: 0x82000000 OBJECT: 0xFF248DA0(681bda0) Type: 6 Thread Object Header: 0xFF248D88 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000027C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF248B20(681bb20) Type: 6 Thread Object Header: 0xFF248B08 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000280 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF2488A0(681b8a0) Type: 6 Thread Object Header: 0xFF248888 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000284 ThreadsProcess: 0xFF29BA80 OBJECT: 0x82000000 OBJECT: 0xFF2475A0(679a5a0) Type: 6 Thread Object Header: 0xFF247588 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000028C ThreadsProcess: 0xFF29D080 OBJECT: 0x82000000 OBJECT: 0xFF235DA0(6e37da0) Type: 6 Thread Object Header: 0xFF235D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000294 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF2258E0(9be8e0) Type: 6 Thread Object Header: 0xFF2258C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000298 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF15B020(95f020) Type: 5 Process Object Header: 0xFF15B008 GrantedAccess: 0 PointerCount: 79 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: UMGR32.EXE OBJECT: 0xFF1F5D60(17dd60) Type: 5 Process Object Header: 0xFF1F5D48 GrantedAccess: 0 PointerCount: 47 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: WinMgmt.exe OBJECT: 0x82000000 OBJECT: 0xFF0FB1E0(7cb61e0) Type: 6 Thread Object Header: 0xFF0FB1C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.000002A8 ThreadsProcess: 0xFF144020 OBJECT: 0xFF206020(daa020) Type: 6 Thread Object Header: 0xFF206008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000274.000002AC ThreadsProcess: 0xFF22F780 OBJECT: 0xFF205DA0(c91da0) Type: 6 Thread Object Header: 0xFF205D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002B0 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF1FE020(381020) Type: 6 Thread Object Header: 0xFF1FE008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002B4 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF1EC980(817980) Type: 6 Thread Object Header: 0xFF1EC968 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002B8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1F5AE0(17dae0) Type: 6 Thread Object Header: 0xFF1F5AC8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002A0.000002BC ThreadsProcess: 0xFF1F5D60 OBJECT: 0xFF1DF080(5449080) Type: 6 Thread Object Header: 0xFF1DF068 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002C0 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1DDB60(3d92b60) Type: 6 Thread Object Header: 0xFF1DDB48 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000002C4 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF1EF020(6e9020) Type: 6 Thread Object Header: 0xFF1EF008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002A0.000002C8 ThreadsProcess: 0xFF1F5D60 OBJECT: 0xFF26D020(5f3a020) Type: 6 Thread Object Header: 0xFF26D008 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.000002CC ThreadsProcess: 0xFF17D6A0 OBJECT: 0x82000000 OBJECT: 0xFF1EDC60(81c60) Type: 6 Thread Object Header: 0xFF1EDC48 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002D4 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF24A580(6869580) Type: 6 Thread Object Header: 0xFF24A568 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002D8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1EA120(294e120) Type: 6 Thread Object Header: 0xFF1EA108 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.000002DC ThreadsProcess: 0xFF26F9E0 OBJECT: 0xFF1C98E0(29658e0) Type: 6 Thread Object Header: 0xFF1C98C8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002E0 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF16D020(63f5020) Type: 6 Thread Object Header: 0xFF16D008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.000002E4 ThreadsProcess: 0xFF27E840 OBJECT: 0xFF225020(9be020) Type: 6 Thread Object Header: 0xFF225008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.000002E8 ThreadsProcess: 0xFF172C40 OBJECT: 0xFF1F5020(17d020) Type: 6 Thread Object Header: 0xFF1F5008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000002EC ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1D0020(940020) Type: 6 Thread Object Header: 0xFF1D0008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000002F0 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1C38C0(938c0) Type: 6 Thread Object Header: 0xFF1C38A8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002F4 ThreadsProcess: 0xFCA28D60 OBJECT: 0x82000000 OBJECT: 0xFF19B020(5a5020) Type: 6 Thread Object Header: 0xFF19B008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.000002FC ThreadsProcess: 0xFF1BAAE0 OBJECT: 0x82000000 OBJECT: 0x82000000 OBJECT: 0x82000000 OBJECT: 0x82000000 OBJECT: 0xFF0F4DA0(6012da0) Object Header: 0xFF0F4D88 GrantedAccess: 0 PointerCount: 0 HandleCount: 0 OBJECT: 0xFF1B3880(b56880) Type: 6 Thread Object Header: 0xFF1B3868 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000031C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0x82000000 OBJECT: 0xFF17B6C0(2dc36c0) Type: 6 Thread Object Header: 0xFF17B6A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000324 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF0BA640(5a34640) Type: 6 Thread Object Header: 0xFF0BA628 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000328 ThreadsProcess: 0xFF144020 OBJECT: 0xFF191240(2138240) Type: 6 Thread Object Header: 0xFF191228 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000032C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF1BA860(3e35860) Type: 6 Thread Object Header: 0xFF1BA848 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000330 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF1BAAE0(3e35ae0) Type: 5 Process Object Header: 0xFF1BAAC8 GrantedAccess: 0 PointerCount: 118 HandleCount: 5 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Explorer.Exe OBJECT: 0xFF0E7280(225d280) Type: 6 Thread Object Header: 0xFF0E7268 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000338 ThreadsProcess: 0xFF144020 OBJECT: 0xFF1FB5E0(d8d5e0) Type: 6 Thread Object Header: 0xFF1FB5C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.0000033C ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1C7560(597560) Type: 6 Thread Object Header: 0xFF1C7548 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000340 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1C7DA0(597da0) Type: 6 Thread Object Header: 0xFF1C7D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000344 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1C6020(2898020) Type: 6 Thread Object Header: 0xFF1C6008 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000348 ThreadsProcess: 0xFF27D020 OBJECT: 0x82000000 OBJECT: 0xFF1C70A0(5970a0) Type: 6 Thread Object Header: 0xFF1C7088 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000350 ThreadsProcess: 0xFF27D020 OBJECT: 0x82000000 OBJECT: 0xFF198140(19d1140) Type: 6 Thread Object Header: 0xFF198128 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000358 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF18CDA0(2579da0) Type: 6 Thread Object Header: 0xFF18CD88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000035C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF174900(448f900) Type: 6 Thread Object Header: 0xFF1748E8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000430.00000360 ThreadsProcess: 0xFF171B20 OBJECT: 0xFF0E7A00(225da00) Type: 6 Thread Object Header: 0xFF0E79E8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000364 ThreadsProcess: 0xFF144020 OBJECT: 0xFF183020(2df9020) Type: 6 Thread Object Header: 0xFF183008 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000368 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF264D60(62d3d60) Type: 6 Thread Object Header: 0xFF264D48 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000448.0000036C ThreadsProcess: 0xFF16E3C0 OBJECT: 0xFF18C560(2579560) Type: 6 Thread Object Header: 0xFF18C548 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000370 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF189580(2c46580) Type: 6 Thread Object Header: 0xFF189568 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000418.00000374 ThreadsProcess: 0xFF177660 OBJECT: 0xFF1C06E0(e6e6e0) Type: 6 Thread Object Header: 0xFF1C06C8 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000378 ThreadsProcess: 0xFF144020 OBJECT: 0xFF166DA0(582cda0) Type: 6 Thread Object Header: 0xFF166D88 GrantedAccess: 0 PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.0000037C ThreadsProcess: 0xFF17D6A0 OBJECT: 0x82000000 OBJECT: 0x82000000 OBJECT: 0xFF0F8CE0(22adce0) Type: 6 Thread Object Header: 0xFF0F8CC8 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000388 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF1C1020(7bfc020) Type: 6 Thread Object Header: 0xFF1C1008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000000B0.0000038C ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF1577C0(c3e7c0) Type: 6 Thread Object Header: 0xFF1577A8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.00000390 ThreadsProcess: 0xFF15B020 OBJECT: 0xFF28E020(57a0020) Type: 6 Thread Object Header: 0xFF28E008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000434.00000394 ThreadsProcess: 0xFF191C40 OBJECT: 0xFF1C89A0(3e089a0) Type: 6 Thread Object Header: 0xFF1C8988 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.00000398 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF1BB9C0(3c319c0) Type: 6 Thread Object Header: 0xFF1BB9A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.0000039C ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF1BB740(3c31740) Type: 6 Thread Object Header: 0xFF1BB728 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000003A0 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF1B81A0(11c1a0) Type: 6 Thread Object Header: 0xFF1B8188 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000003A4 ThreadsProcess: 0xFF2744C0 OBJECT: 0x82000000 OBJECT: 0xFF1F9AA0(e90aa0) Type: 6 Thread Object Header: 0xFF1F9A88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002A0.000003AC ThreadsProcess: 0xFF1F5D60 OBJECT: 0xFF1B7DA0(6e2da0) Type: 6 Thread Object Header: 0xFF1B7D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000003B0 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF1E8860(5bd860) Type: 6 Thread Object Header: 0xFF1E8848 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000003B4 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF28C020(5795020) Type: 6 Thread Object Header: 0xFF28C008 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000003B8 ThreadsProcess: 0xFCC69480 OBJECT: 0xFF18BDA0(2b84da0) Type: 6 Thread Object Header: 0xFF18BD88 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.000003BC ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF18A020(2bf8020) Type: 6 Thread Object Header: 0xFF18A008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C4.000003C0 ThreadsProcess: 0xFF18B400 OBJECT: 0xFF18B400(2b84400) Type: 5 Process Object Header: 0xFF18B3E8 GrantedAccess: 0 PointerCount: 38 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Apoint.exe OBJECT: 0xFF18A460(2bf8460) Type: 6 Thread Object Header: 0xFF18A448 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003CC.000003C8 ThreadsProcess: 0xFF18A6E0 OBJECT: 0xFF18A6E0(2bf86e0) Type: 5 Process Object Header: 0xFF18A6C8 GrantedAccess: 0 PointerCount: 13 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: HKserv.exe OBJECT: 0xFF240020(6ad8020) Type: 6 Thread Object Header: 0xFF240008 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 0000011C.000003D0 ThreadsProcess: 0xFF0DAD60 OBJECT: 0xFF0F78C0(24b58c0) Type: 6 Thread Object Header: 0xFF0F78A8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.000003D4 ThreadsProcess: 0xFF144020 OBJECT: 0xFF1885C0(2d155c0) Type: 6 Thread Object Header: 0xFF1885A8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003DC.000003D8 ThreadsProcess: 0xFF189020 OBJECT: 0xFF189020(2c46020) Type: 5 Process Object Header: 0xFF189008 GrantedAccess: 0 PointerCount: 17 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: DragDrop.exe OBJECT: 0xFF192640(206e640) Type: 6 Thread Object Header: 0xFF192628 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.000003E0 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF0C13C0(40723c0) Type: 6 Thread Object Header: 0xFF0C13A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.000003E4 ThreadsProcess: 0xFF144020 OBJECT: 0xFF193700(206b700) Type: 6 Thread Object Header: 0xFF1936E8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000003E8 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF182380(2e7e380) Type: 6 Thread Object Header: 0xFF182368 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F0.000003EC ThreadsProcess: 0xFF182A20 OBJECT: 0xFF182A20(2e7ea20) Type: 5 Process Object Header: 0xFF182A08 GrantedAccess: 0 PointerCount: 10 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: alogserv.exe OBJECT: 0xFF17D6A0(30826a0) Type: 5 Process Object Header: 0xFF17D688 GrantedAccess: 0 PointerCount: 95 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: tgcmd.exe OBJECT: 0xFF1B65C0(54255c0) Type: 6 Thread Object Header: 0xFF1B65A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F0.000003F8 ThreadsProcess: 0xFF182A20 OBJECT: 0xFF271C80(5eb0c80) Type: 6 Thread Object Header: 0xFF271C68 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.000003FC ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF159320(1f1320) Type: 6 Thread Object Header: 0xFF159308 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000448.00000400 ThreadsProcess: 0xFF16E3C0 OBJECT: 0xFF18C9A0(25799a0) Type: 6 Thread Object Header: 0xFF18C988 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000404 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0x82000000 OBJECT: 0xFF0C08E0(50d38e0) Type: 6 Thread Object Header: 0xFF0C08C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000040C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF170020(611e020) Type: 6 Thread Object Header: 0xFF170008 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000410 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF17B020(2dc3020) Type: 6 Thread Object Header: 0xFF17B008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000418.00000414 ThreadsProcess: 0xFF177660 OBJECT: 0xFF177660(40b4660) Type: 5 Process Object Header: 0xFF177648 GrantedAccess: 0 PointerCount: 54 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: PcfMgr.exe OBJECT: 0xFF176080(4556080) Type: 6 Thread Object Header: 0xFF176068 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C4.0000041C ThreadsProcess: 0xFF18B400 OBJECT: 0xFF173400(44ce400) Type: 6 Thread Object Header: 0xFF1733E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003CC.00000420 ThreadsProcess: 0xFF18A6E0 OBJECT: 0xFF172860(58cb860) Type: 6 Thread Object Header: 0xFF172848 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.00000424 ThreadsProcess: 0xFF172C40 OBJECT: 0xFF172C40(58cbc40) Type: 5 Process Object Header: 0xFF172C28 GrantedAccess: 0 PointerCount: 53 HandleCount: 2 SecurityDescriptor: 0xE1ED4B18(7911b18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;S-1-5-21-791032918-1291200457-768897840-500)(A;;0x100201;;;SY) ImageFileName: JogServ2.exe OBJECT: 0xFF1718A0(5a598a0) Type: 6 Thread Object Header: 0xFF171888 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000430.0000042C ThreadsProcess: 0xFF171B20 OBJECT: 0xFF171B20(5a59b20) Type: 5 Process Object Header: 0xFF171B08 GrantedAccess: 0 PointerCount: 12 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Apntex.exe OBJECT: 0xFF191C40(2138c40) Type: 5 Process Object Header: 0xFF191C28 GrantedAccess: 0 PointerCount: 7 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: cmd.exe OBJECT: 0xFF170860(611e860) Type: 6 Thread Object Header: 0xFF170848 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.00000438 ThreadsProcess: 0xFCC69480 OBJECT: 0xFF0F23A0(71393a0) Type: 6 Thread Object Header: 0xFF0F2388 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000043C ThreadsProcess: 0xFF29D080 OBJECT: 0x82000000 OBJECT: 0xFF0E10E0(40a70e0) Type: 6 Thread Object Header: 0xFF0E10C8 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 0000046C.00000444 ThreadsProcess: 0xFF0E4D60 OBJECT: 0xFF16E3C0(625d3c0) Type: 5 Process Object Header: 0xFF16E3A8 GrantedAccess: 0 PointerCount: 62 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: nc.exe OBJECT: 0xFF166940(582c940) Type: 6 Thread Object Header: 0xFF166928 GrantedAccess: 0 PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.0000044C ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF166560(582c560) Type: 6 Thread Object Header: 0xFF166548 GrantedAccess: 0 PointerCount: 7 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000450 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF1662E0(582c2e0) Type: 6 Thread Object Header: 0xFF1662C8 GrantedAccess: 0 PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000454 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF119020(dcc020) Type: 5 Process Object Header: 0xFF119008 GrantedAccess: 0 PointerCount: 7 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: cmd2k.exe OBJECT: 0xFF1836E0(2df96e0) Type: 6 Thread Object Header: 0xFF1836C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000045C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF15E2E0(7c1b2e0) Type: 6 Thread Object Header: 0xFF15E2C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000460 ThreadsProcess: 0xFF17D6A0 OBJECT: 0x82000000 OBJECT: 0xFF1ECDA0(817da0) Type: 6 Thread Object Header: 0xFF1ECD88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000468 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF0E4D60(6352d60) Type: 5 Process Object Header: 0xFF0E4D48 GrantedAccess: 0 PointerCount: 7 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: cmd2k.exe OBJECT: 0xFF0E3B40(733ab40) Type: 6 Thread Object Header: 0xFF0E3B28 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000470 ThreadsProcess: 0xFF144020 OBJECT: 0xFF1468C0(2658c0) Type: 6 Thread Object Header: 0xFF1468A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.00000474 ThreadsProcess: 0xFF172C40 OBJECT: 0xFF145020(1987020) Type: 6 Thread Object Header: 0xFF145008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000418.00000478 ThreadsProcess: 0xFF177660 OBJECT: 0x82000000 OBJECT: 0xFF0ED6C0(58bf6c0) Object Header: 0xFF0ED6A8 GrantedAccess: 0 PointerCount: 0 HandleCount: 0 OBJECT: 0x82000000 OBJECT: 0xFF132980(72bf980) Type: 6 Thread Object Header: 0xFF132968 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000418.00000488 ThreadsProcess: 0xFF177660 Processes and threads: 288 HandleTableListHead: 0x8046BC20(46bc20) 1. TABLE: 0xFCE256E8(14426e8): Table: 0xE1002000 QuotaProcess: ProcessId: 8 HandleCount: 65 CapturedHandleCount: 65 TableLevel: 2 StrictFIFO: No OBJECT: 0xFCE00C60(141dc60) Type: 5 Process Object Header: 0xFCE00C48 GrantedAccess: 1f0fff PointerCount: 43 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: System OBJECT: 0xFCDFC2E0(14192e0) Type: 6 Thread Object Header: 0xFCDFC2C8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000044 ThreadsProcess: 0xFCE00C60 OBJECT: 0xE10087F0(15d97f0) Type: 18 Key Object Header: 0xE10087D8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 Directory: 0xFCE00850 Name: REGISTRY SecurityDescriptor: (null) Path: REGISTRY\ OBJECT: 0xE129D480(18a4480) Type: 18 Key Object Header: 0xE129D468 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\ OBJECT: 0xE12A15A0(18c45a0) Type: 18 Key Object Header: 0xE12A1588 GrantedAccess: 2001f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\Setup\ OBJECT: 0xE1008180(15d9180) Type: 18 Key Object Header: 0xE1008168 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\CurrentDockInfo\ OBJECT: 0xE1008100(15d9100) Type: 18 Key Object Header: 0xE10080E8 GrantedAccess: 20 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\Current\ OBJECT: 0xE12A13E0(18c43e0) Type: 18 Key Object Header: 0xE12A13C8 GrantedAccess: 2001f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ProductOptions\ OBJECT: 0xFCDF8A10(1415a10) Type: 8 Event Object Header: 0xFCDF89F8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCDFD730 Name: TRKWKS_EVENT SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE12A11C0(18c41c0) Type: 18 Key Object Header: 0xE12A11A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\ OBJECT: 0xE12F0A60(19b3a60) Type: 18 Key Object Header: 0xE12F0A48 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\*PNP0501\1_0_17_0_0_0\LogConf\ OBJECT: 0xFCDC8650(13e5650) Type: 2 Directory Object Header: 0xFCDC8638 GrantedAccess: f000f PointerCount: 3 HandleCount: 1 Directory: 0xFCDFD570 Name: Sbp2 SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\Sbp2 OBJECT: 0xFCE13020(1430020) Type: 6 Thread Object Header: 0xFCE13008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000004C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD1D8A0(133a8a0) Type: 6 Thread Object Header: 0xFCD1D888 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000068 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDC8840(13e5840) Type: 6 Thread Object Header: 0xFCDC8828 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000054 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDE0690(13fd690) Type: 8 Event Object Header: 0xFCDE0678 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCD87150 Name: VxKernel2VoldEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFCD49370(1366370) Type: 2 Directory Object Header: 0xFCD49358 GrantedAccess: f000f PointerCount: 8 HandleCount: 1 Directory: 0xFCDFD570 Name: Harddisk0 SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\Harddisk0 OBJECT: 0xE130F500(1a38500) Type: 18 Key Object Header: 0xE130F4E8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\HARDWARE\DEVICEMAP\Scsi\ OBJECT: 0xFCE11690(142e690) Type: 2 Directory Object Header: 0xFCE11678 GrantedAccess: f000f PointerCount: 3 HandleCount: 1 Directory: 0xFCDFD570 Name: WinDfs SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\WinDfs OBJECT: 0xFCD1D620(133a620) Type: 6 Thread Object Header: 0xFCD1D608 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000006C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD33B20(1350b20) Type: 6 Thread Object Header: 0xFCD33B08 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000005C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD1CDA0(1339da0) Type: 6 Thread Object Header: 0xFCD1CD88 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000070 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD65E30(1382e30) Type: 2 Directory Object Header: 0xFCD65E18 GrantedAccess: f000f PointerCount: 6 HandleCount: 1 Directory: 0xFCDFD570 Name: Harddisk1 SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\Harddisk1 OBJECT: 0xE12E3BC0(197ebc0) Type: 18 Key Object Header: 0xE12E3BA8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\cdrom\ OBJECT: 0xE12DBEC0(1982ec0) Type: 18 Key Object Header: 0xE12DBEA8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\i8042prt\ OBJECT: 0xE12F4140(19c9140) Type: 18 Key Object Header: 0xE12F4128 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mouclass\ OBJECT: 0xE12D7FA0(1954fa0) Type: 18 Key Object Header: 0xE12D7F88 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\kbdclass\ OBJECT: 0xFCC8EEA8(12abea8) Type: 26 File Object Header: 0xFCC8EE90 GrantedAccess: 100003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\pagefile.sys OBJECT: 0xFCCA5988(12c2988) Type: 26 File Object Header: 0xFCCA5970 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFCCA8708 (12c5708) Unknown1: 0x004F0073 (1) Unknown2: 0x740070 OBJECT: 0xFCCA7548(12c4548) Type: 26 File Object Header: 0xFCCA7530 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFCCA74E8 (12c44e8) Address Object: 0xFCCA7328 (12c4328) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1FA0C8:FF1FB888} OBJECT: 0xFF236650(6b6b650) Type: 2 Directory Object Header: 0xFF236638 GrantedAccess: f000f PointerCount: 6 HandleCount: 1 Directory: 0xFCDFD570 Name: Harddisk2 SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\Harddisk2 OBJECT: 0xFCCA78E8(12c48e8) Type: 26 File Object Header: 0xFCCA78D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFCCA7788 (12c4788) Address Object: 0xFCCA75C8 (12c45c8) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFCCA5348(12c2348) Type: 26 File Object Header: 0xFCCA5330 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFCCA7808 (12c4808) Unknown1: 0x004F0073 (1) Unknown2: 0x740070 OBJECT: 0xFCCF07E0(130d7e0) Type: 6 Thread Object Header: 0xFCCF07C8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000007C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCCB1C68(12cec68) Type: 26 File Object Header: 0xFCCB1C50 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Gpc OBJECT: 0xFCCA7AC8(12c4ac8) Type: 26 File Object Header: 0xFCCA7AB0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFCCA80A8 (12c50a8) Unknown1: 0x00530073 (1) Unknown2: 0x62006d OBJECT: 0xFF249128(667c128) Type: 26 File Object Header: 0xFF249110 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ OBJECT: 0xE1310030(1a39030) Type: 19 Port Object Header: 0xE1310018 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000008.00000094 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE12D60A0(194f0a0) Type: 18 Key Object Header: 0xE12D6088 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Parport\ OBJECT: 0xE12D9A00(1958a00) Type: 18 Key Object Header: 0xE12D99E8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Serial\ OBJECT: 0xE1339030(1ab0030) Type: 19 Port Object Header: 0xE1339018 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000008.00000094 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE13BC040(2cbd040) Type: 19 Port Object Header: 0xE13BC028 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 1 Directory: 0xFCE00850 Name: SeRmCommandPort SecurityDescriptor: 0xE13040F8(1a1d0f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 00000008.00000004 ClientThread: 0x00000000 ServerProcess: 0xFCE00C60 OBJECT: 0xFCC96330(12b3330) Type: 8 Event Object Header: 0xFCC96318 GrantedAccess: 100003 PointerCount: 5 HandleCount: 2 Directory: 0xFCE00850 Name: LanmanServerAnnounceEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF29BA80(529ea80) Type: 5 Process Object Header: 0xFF29BA68 GrantedAccess: 28 PointerCount: 117 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xFF221028(8cb028) Type: 26 File Object Header: 0xFF221010 GrantedAccess: 120116 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Mup OBJECT: 0xFF221308(8cb308) Type: 26 File Object Header: 0xFF2212F0 GrantedAccess: 20 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: LanmanRedirector OBJECT: 0xE1E60030(5c61030) Type: 4 Token Object Header: 0xE1E60018 GrantedAccess: f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-7 Attributes: Mandatory Default Enabled AuthenticationID: {0,7ba7} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: NtLmSsp {0,0} TokenFlags: 0x1 Token ID: {0,7bab} ParentToken ID: {0,0} Modified ID: {0,7baa} SessionID: 0 TokenInUse: No Groups: 1 S-1-0-0 Attributes: 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-2 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-0-0 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled OBJECT: 0xE13069F0(1a269f0) Type: 17 Section Object Header: 0xE13069D8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1EC33C8(7ce23c8) BasedAddress: 0x00000080 SizeOfSegment: 0x100000 OBJECT: 0xE1EC8F50(a13f50) Type: 19 Port Object Header: 0xE1EC8F38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000008.00000028 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF14A508(d0c508) Type: 26 File Object Header: 0xFF14A4F0 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: NTPNP_PCI0008\Wave OBJECT: 0xFF1FB908(d8d908) Type: 26 File Object Header: 0xFF1FB8F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1FC0C8 (d0b0c8) ConnectionHandle: 0x43000042 Connection Object: 0xFF1FB888 (d8d888) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFCCA7328 (12c4328) ConnectionId: 0x43 AfdEndpoint: 0xFF1FBAA8 (d8daa8) ProcessId: 0x8 System TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x43000042 Address Object: 0xFCCA7328 (12c4328) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1FA0C8:FF1FB888} OBJECT: 0xFF1FA028(f6f028) Type: 26 File Object Header: 0xFF1FA010 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1FB848 (d8d848) ConnectionHandle: 0x44000043 Connection Object: 0xFF1FB188 (d8d188) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFCCA7328 (12c4328) ConnectionId: 0x44 AfdEndpoint: 0xFF1FB308 (d8d308) ProcessId: 0x8 System TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x44000043 Address Object: 0xFCCA7328 (12c4328) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1FA0C8:FF1FB888} OBJECT: 0xFF1FA5E8(f6f5e8) Type: 26 File Object Header: 0xFF1FA5D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1FA588 (f6f588) ConnectionHandle: 0x45000044 Connection Object: 0xFF1FAD88 (f6fd88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFCCA7328 (12c4328) ConnectionId: 0x45 AfdEndpoint: 0xFF1FA788 (f6f788) ProcessId: 0x8 System TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x45000044 Address Object: 0xFCCA7328 (12c4328) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1FA0C8:FF1FB888} OBJECT: 0xFF1F9DE8(e90de8) Type: 26 File Object Header: 0xFF1F9DD0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1FA548 (f6f548) ConnectionHandle: 0x46000045 Connection Object: 0xFF1FA0C8 (f6f0c8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFCCA7328 (12c4328) ConnectionId: 0x46 AfdEndpoint: 0xFF1F9F88 (e90f88) ProcessId: 0x8 System TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x46000045 Address Object: 0xFCCA7328 (12c4328) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1FA0C8:FF1FB888} OBJECT: 0xFF126F88(250df88) Type: 26 File Object Header: 0xFF126F70 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000007\{9B365890-165F-11D0-A195-0020AFD156E4} OBJECT: 0xFF14D588(caa588) Type: 26 File Object Header: 0xFF14D570 GrantedAccess: 120116 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: NTPNP_PCI0008{146F1A80-4791-11D0-A5D6-28DB04C10000}\ f‡ÎbÏ¥Ö(ÛÁ OBJECT: 0xFF134DA8(3d67da8) Type: 26 File Object Header: 0xFF134D90 GrantedAccess: 120116 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000007{146F1A80-4791-11D0-A5D6-28DB04C10000}\ f‡ÎbÏ¥Ö(ÛÁ OBJECT: 0xFF0F1CE8(749ece8) Type: 26 File Object Header: 0xFF0F1CD0 GrantedAccess: 12019f PointerCount: 5 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000007\{9B365890-165F-11D0-A195-0020AFD156E4} OBJECT: 0xFF1CDE28(1914e28) Type: 26 File Object Header: 0xFF1CDE10 GrantedAccess: 120116 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000007{146F1A80-4791-11D0-A5D6-28DB04C10000}\ f‡ÎbÏ¥Ö(ÛÁ OBJECT: 0xFF158BE8(eb6be8) Type: 26 File Object Header: 0xFF158BD0 GrantedAccess: 120116 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000007{146F1A80-4791-11D0-A5D6-28DB04C10000}\ f‡ÎbÏ¥Ö(ÛÁ OBJECT: 0xFF1C0EE8(e6eee8) Type: 26 File Object Header: 0xFF1C0ED0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1C3B48 (93b48) Unknown1: 0x000001E0 (1) Unknown2: 0x9fc08 Address Object: 0xFF1C0D08 (e6ed08) Local Address: 0x0:304 0.0.0.0:1027 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFF1C0C88(e6ec88) Type: 26 File Object Header: 0xFF1C0C70 GrantedAccess: 3 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF1B47C8(34f7c8) Type: 26 File Object Header: 0xFF1B47B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NTPNP_PCI0008\Topology OBJECT: 0xFCD24228(1341228) Type: 26 File Object Header: 0xFCD24210 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\CSC\00000001 OBJECT: 0xE20AC610(703610) Type: 19 Port Object Header: 0xE20AC5F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000008.00000028 ClientThread: 0x00000000 ServerProcess: 0x00000000 2. TABLE: 0xFCE25668(1442668): Table: 0xE1003000 QuotaProcess: ProcessId: 0 HandleCount: 62 CapturedHandleCount: 62 TableLevel: 2 StrictFIFO: No OBJECT: 0xFF276CC8(5f89cc8) Type: 26 File Object Header: 0xFF276CB0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF276C68 (5f89c68) ConnectionHandle: 0x04000003 Connection Object: 0xFF276C08 (5f89c08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF277668 (5dc0668) ConnectionId: 0x4 AfdEndpoint: 0xFF276D48 (5f89d48) ProcessId: 0x198 svchost.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x04000003 Address Object: 0xFF277668 (5dc0668) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF275E88:FF27F8E8} OBJECT: 0xFF276EC8(5f89ec8) Type: 26 File Object Header: 0xFF276EB0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF276E68 (5f89e68) ConnectionHandle: 0x03000002 Connection Object: 0xFF276E08 (5f89e08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF277668 (5dc0668) ConnectionId: 0x3 AfdEndpoint: 0xFF276F48 (5f89f48) ProcessId: 0x198 svchost.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x03000002 Address Object: 0xFF277668 (5dc0668) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF275E88:FF27F8E8} OBJECT: 0xFF2779E8(5dc09e8) Type: 26 File Object Header: 0xFF2779D0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF277828 (5dc0828) Address Object: 0xFF277668 (5dc0668) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF275E88:FF27F8E8} OBJECT: 0xFF2775E8(5dc05e8) Type: 26 File Object Header: 0xFF2775D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF277588 (5dc0588) ConnectionHandle: 0x01000000 Connection Object: 0xFF27F8E8 (5ca78e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF277668 (5dc0668) ConnectionId: 0x1 AfdEndpoint: 0xFF279A88 (5d1fa88) ProcessId: 0x198 svchost.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x01000000 Address Object: 0xFF277668 (5dc0668) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF275E88:FF27F8E8} OBJECT: 0xFF276028(5f89028) Type: 26 File Object Header: 0xFF276010 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF277068 (5dc0068) ConnectionHandle: 0x02000001 Connection Object: 0xFF279108 (5d1f108) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF277668 (5dc0668) ConnectionId: 0x2 AfdEndpoint: 0xFF2770A8 (5dc00a8) ProcessId: 0x198 svchost.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x02000001 Address Object: 0xFF277668 (5dc0668) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF275E88:FF27F8E8} OBJECT: 0xE13E88A0(3fc78a0) Type: 18 Key Object Header: 0xE13E8888 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Power\ OBJECT: 0xFCC6C8A8(12898a8) Type: 26 File Object Header: 0xFCC6C890 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SAM.LOG OBJECT: 0xFCC6BEA8(1288ea8) Type: 26 File Object Header: 0xFCC6BE90 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SAM OBJECT: 0xFCC6BF48(1288f48) Type: 26 File Object Header: 0xFCC6BF30 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\DEFAULT.LOG OBJECT: 0xFCC6B128(1288128) Type: 26 File Object Header: 0xFCC6B110 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\DEFAULT OBJECT: 0xFCC783A8(12953a8) Type: 26 File Object Header: 0xFCC78390 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SYSTEM.ALT OBJECT: 0xFCC784E8(12954e8) Type: 26 File Object Header: 0xFCC784D0 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SYSTEM OBJECT: 0xFCC786C8(12956c8) Type: 26 File Object Header: 0xFCC786B0 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SOFTWARE.LOG OBJECT: 0xE13A8FE0(2bacfe0) Type: 18 Key Object Header: 0xE13A8FC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_REDBOOK\0000\ OBJECT: 0xFCC787E8(12957e8) Type: 26 File Object Header: 0xFCC787D0 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SOFTWARE OBJECT: 0xE12D6320(194f320) Type: 18 Key Object Header: 0xE12D6308 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CDAUDIO\ OBJECT: 0xE13A6280(2b41280) Type: 18 Key Object Header: 0xE13A6268 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_REDBOOK\ OBJECT: 0xE12D7CC0(1954cc0) Type: 18 Key Object Header: 0xE12D7CA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CDAUDIO\0000\ OBJECT: 0xFCC6C808(1289808) Type: 26 File Object Header: 0xFCC6C7F0 GrantedAccess: 100003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\hiberfil.sys OBJECT: 0xE13A9FE0(2b93fe0) Type: 18 Key Object Header: 0xE13A9FC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_REDBOOK\0000\Control\ OBJECT: 0xFCC789C8(12959c8) Type: 26 File Object Header: 0xFCC789B0 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SECURITY.LOG OBJECT: 0xE12E7BC0(198dbc0) Type: 18 Key Object Header: 0xE12E7BA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CDAUDIO\0000\Control\ OBJECT: 0xFCC78D28(1295d28) Type: 26 File Object Header: 0xFCC78D10 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SECURITY OBJECT: 0xFF238368(6de0368) Type: 26 File Object Header: 0xFF238350 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF238308 (6de0308) ConnectionHandle: 0x39000038 Connection Object: 0xFF23C9C8 (6ab19c8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2384A8 (6de04a8) ConnectionId: 0x39 AfdEndpoint: 0xFF2383E8 (6de03e8) ProcessId: 0x228 MSTask.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x39000038 Address Object: 0xFF2384A8 (6de04a8) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF237948:FF23C9C8} OBJECT: 0xFF2386C8(6de06c8) Type: 26 File Object Header: 0xFF2386B0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF238668 (6de0668) Address Object: 0xFF2384A8 (6de04a8) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF237948:FF23C9C8} OBJECT: 0xFF237EC8(6ccaec8) Type: 26 File Object Header: 0xFF237EB0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF237E68 (6ccae68) ConnectionHandle: 0x3C00003B Connection Object: 0xFF237E08 (6ccae08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2384A8 (6de04a8) ConnectionId: 0x3c AfdEndpoint: 0xFF237F48 (6ccaf48) ProcessId: 0x228 MSTask.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x3C00003B Address Object: 0xFF2384A8 (6de04a8) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF237948:FF23C9C8} OBJECT: 0xFF237CC8(6ccacc8) Type: 26 File Object Header: 0xFF237CB0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF237C68 (6ccac68) ConnectionHandle: 0x3D00003C Connection Object: 0xFF237C08 (6ccac08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2384A8 (6de04a8) ConnectionId: 0x3d AfdEndpoint: 0xFF237D48 (6ccad48) ProcessId: 0x228 MSTask.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x3D00003C Address Object: 0xFF2384A8 (6de04a8) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF237948:FF23C9C8} OBJECT: 0xFF275408(5dcd408) Type: 26 File Object Header: 0xFF2753F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF2753A8 (5dcd3a8) ConnectionHandle: 0x06000005 Connection Object: 0xFF275E88 (5dcde88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF277668 (5dc0668) ConnectionId: 0x6 AfdEndpoint: 0xFF2754C8 (5dcd4c8) ProcessId: 0x198 svchost.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x06000005 Address Object: 0xFF277668 (5dc0668) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF275E88:FF27F8E8} OBJECT: 0xFF2381C8(6de01c8) Type: 26 File Object Header: 0xFF2381B0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF238168 (6de0168) ConnectionHandle: 0x3A000039 Connection Object: 0xFF23C8E8 (6ab18e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2384A8 (6de04a8) ConnectionId: 0x3a AfdEndpoint: 0xFF238248 (6de0248) ProcessId: 0x228 MSTask.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x3A000039 Address Object: 0xFF2384A8 (6de04a8) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF237948:FF23C9C8} OBJECT: 0xFF276AC8(5f89ac8) Type: 26 File Object Header: 0xFF276AB0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF276A68 (5f89a68) ConnectionHandle: 0x05000004 Connection Object: 0xFF276A08 (5f89a08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF277668 (5dc0668) ConnectionId: 0x5 AfdEndpoint: 0xFF276B48 (5f89b48) ProcessId: 0x198 svchost.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x05000004 Address Object: 0xFF277668 (5dc0668) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF275E88:FF27F8E8} OBJECT: 0xFF236F88(6b6bf88) Type: 26 File Object Header: 0xFF236F70 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF2375C8 (6cca5c8) ConnectionHandle: 0x3E00003D Connection Object: 0xFF237948 (6cca948) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2384A8 (6de04a8) ConnectionId: 0x3e AfdEndpoint: 0xFF236008 (6b6b008) ProcessId: 0x228 MSTask.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x3E00003D Address Object: 0xFF2384A8 (6de04a8) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF237948:FF23C9C8} OBJECT: 0xFF237028(6cca028) Type: 26 File Object Header: 0xFF237010 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF238068 (6de0068) ConnectionHandle: 0x3B00003A Connection Object: 0xFF263888 (60c5888) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2384A8 (6de04a8) ConnectionId: 0x3b AfdEndpoint: 0xFF2380A8 (6de00a8) ProcessId: 0x228 MSTask.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x3B00003A Address Object: 0xFF2384A8 (6de04a8) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF237948:FF23C9C8} OBJECT: 0xFF1E1448(7e42448) Type: 26 File Object Header: 0xFF1E1430 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1E4388 (7eb388) Unknown2: 0xff1e4988 Address Object: 0xFF1E1268 (7e42268) Local Address: 0x0:204 0.0.0.0:1026 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFF2332A8(6c6d2a8) Type: 26 File Object Header: 0xFF233290 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1E0A28 (5183a28) Address Object: 0xFF2330C8 (6c6d0c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFF163AC8(836ac8) Type: 26 File Object Header: 0xFF163AB0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF163A68 (836a68) ConnectionHandle: 0x4B00004A Connection Object: 0xFF163A08 (836a08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF163E48 (836e48) ConnectionId: 0x4b AfdEndpoint: 0xFF163B48 (836b48) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x4B00004A Address Object: 0xFF163E48 (836e48) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF163608:FF164C28} OBJECT: 0xFF1C6888(2898888) Type: 26 File Object Header: 0xFF1C6870 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\ntuser.dat.LOG OBJECT: 0xFF1591E8(1f11e8) Type: 26 File Object Header: 0xFF1591D0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF140108 (4fae108) Unknown1: 0xF07AB900 (2769900) Unknown2: 0xff140108 Address Object: 0xFF12B128 (5aff128) Local Address: 0x0:904 0.0.0.0:1033 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF164828:FF164828} OBJECT: 0xFF1B8868(11c868) Type: 26 File Object Header: 0xFF1B8850 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\ntuser.dat OBJECT: 0xFF1CA328(6aab328) Type: 26 File Object Header: 0xFF1CA310 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat OBJECT: 0xFF1C5848(7b6c848) Type: 26 File Object Header: 0xFF1C5830 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG OBJECT: 0xFF1638C8(8368c8) Type: 26 File Object Header: 0xFF1638B0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF163868 (836868) ConnectionHandle: 0x4C00004B Connection Object: 0xFF163808 (836808) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF163E48 (836e48) ConnectionId: 0x4c AfdEndpoint: 0xFF163948 (836948) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x4C00004B Address Object: 0xFF163E48 (836e48) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF163608:FF164C28} OBJECT: 0xFF1636C8(8366c8) Type: 26 File Object Header: 0xFF1636B0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF163668 (836668) ConnectionHandle: 0x4D00004C Connection Object: 0xFF163608 (836608) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF163E48 (836e48) ConnectionId: 0x4d AfdEndpoint: 0xFF163748 (836748) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x4D00004C Address Object: 0xFF163E48 (836e48) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF163608:FF164C28} OBJECT: 0xFF164188(7c27188) Type: 26 File Object Header: 0xFF164170 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF163E08 (836e08) ConnectionHandle: 0x49000048 Connection Object: 0xFF164C28 (7c27c28) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF163E48 (836e48) ConnectionId: 0x49 AfdEndpoint: 0xFF164208 (7c27208) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x49000048 Address Object: 0xFF163E48 (836e48) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF163608:FF164C28} OBJECT: 0xFF163CC8(836cc8) Type: 26 File Object Header: 0xFF163CB0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF163C68 (836c68) ConnectionHandle: 0x4A000049 Connection Object: 0xFF163C08 (836c08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF163E48 (836e48) ConnectionId: 0x4a AfdEndpoint: 0xFF163D48 (836d48) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x4A000049 Address Object: 0xFF163E48 (836e48) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF163608:FF164C28} OBJECT: 0xFF164328(7c27328) Type: 26 File Object Header: 0xFF164310 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1642C8 (7c272c8) Unknown1: 0x00740073 (1) Unknown2: 0x610072 Address Object: 0xFF163E48 (836e48) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF163608:FF164C28} OBJECT: 0xFF162028(7b35028) Type: 26 File Object Header: 0xFF162010 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1630A8 (8360a8) Unknown1: 0x0401062B (1) Unknown2: 0x2378201 Address Object: 0xFF162E48 (7b35e48) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF162548:FF1635A8} OBJECT: 0xFF162D08(7b35d08) Type: 26 File Object Header: 0xFF162CF0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF163068 (836068) ConnectionHandle: 0x4E00004D Connection Object: 0xFF1635A8 (8365a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF162E48 (7b35e48) ConnectionId: 0x4e AfdEndpoint: 0xFF162D88 (7b35d88) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x4E00004D Address Object: 0xFF162E48 (7b35e48) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF162548:FF1635A8} OBJECT: 0xFF162BA8(7b35ba8) Type: 26 File Object Header: 0xFF162B90 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF162B48 (7b35b48) ConnectionHandle: 0x4F00004E Connection Object: 0xFF1646C8 (7c276c8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF162E48 (7b35e48) ConnectionId: 0x4f AfdEndpoint: 0xFF162C28 (7b35c28) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x4F00004E Address Object: 0xFF162E48 (7b35e48) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF162548:FF1635A8} OBJECT: 0xFF162A08(7b35a08) Type: 26 File Object Header: 0xFF1629F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1629A8 (7b359a8) ConnectionHandle: 0x5000004F Connection Object: 0xFF162948 (7b35948) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF162E48 (7b35e48) ConnectionId: 0x50 AfdEndpoint: 0xFF162A88 (7b35a88) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x5000004F Address Object: 0xFF162E48 (7b35e48) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF162548:FF1635A8} OBJECT: 0xFF162808(7b35808) Type: 26 File Object Header: 0xFF1627F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1627A8 (7b357a8) ConnectionHandle: 0x51000050 Connection Object: 0xFF162748 (7b35748) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF162E48 (7b35e48) ConnectionId: 0x51 AfdEndpoint: 0xFF162888 (7b35888) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x51000050 Address Object: 0xFF162E48 (7b35e48) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF162548:FF1635A8} OBJECT: 0xFF162608(7b35608) Type: 26 File Object Header: 0xFF1625F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1625A8 (7b355a8) ConnectionHandle: 0x52000051 Connection Object: 0xFF162548 (7b35548) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF162E48 (7b35e48) ConnectionId: 0x52 AfdEndpoint: 0xFF162688 (7b35688) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x52000051 Address Object: 0xFF162E48 (7b35e48) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF162548:FF1635A8} OBJECT: 0xFF1D2028(6755028) Type: 26 File Object Header: 0xFF1D2010 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF150948 (c95948) ConnectionHandle: 0x87000055 Connection Object: 0xFF28FD88 (575bd88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF17DE48 (3082e48) ConnectionId: 0x87 AfdEndpoint: 0xFF1861A8 (2daf1a8) ProcessId: 0x29c UMGR32.EXE TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x87000055 Address Object: 0xFF17DE48 (3082e48) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF15A488:FF2518A8} OBJECT: 0xFF169F88(7091f88) Type: 26 File Object Header: 0xFF169F70 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF20B6A8 (ee26a8) ConnectionHandle: 0x58000052 Connection Object: 0xFF164828 (7c27828) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF12B128 (5aff128) ConnectionId: 0x58 AfdEndpoint: 0xFF156A88 (ca1a88) ProcessId: 0xf0 lsass.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x58000052 Address Object: 0xFF12B128 (5aff128) Local Address: 0x0:904 0.0.0.0:1033 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF164828:FF164828} OBJECT: 0xFF158968(eb6968) Type: 26 File Object Header: 0xFF158950 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1271E8 (440c1e8) Unknown1: 0x206C644D (1) Unknown2: 0xff22d288 Address Object: 0xFF17DE48 (3082e48) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF15A488:FF2518A8} OBJECT: 0xFF1FC588(d0b588) Type: 26 File Object Header: 0xFF1FC570 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1D38E8 (6c098e8) ConnectionHandle: 0x86000059 Connection Object: 0xFF2518A8 (65f28a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF17DE48 (3082e48) ConnectionId: 0x86 AfdEndpoint: 0xFF12B648 (5aff648) ProcessId: 0x29c UMGR32.EXE TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x86000059 Address Object: 0xFF17DE48 (3082e48) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF15A488:FF2518A8} OBJECT: 0xFF1587A8(eb67a8) Type: 26 File Object Header: 0xFF158790 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1E7848 (7e4848) Unknown2: 0xff1e7868 Address Object: 0xFF12CCA8 (5abeca8) Local Address: 0x0:1f04 0.0.0.0:1055 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF272D88:FF272D88} OBJECT: 0xFF1CD0A8(19140a8) Type: 26 File Object Header: 0xFF1CD090 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1E7808 (7e4808) ConnectionHandle: 0x84000047 Connection Object: 0xFF272D88 (5f25d88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF12CCA8 (5abeca8) ConnectionId: 0x84 AfdEndpoint: 0xFF22CF48 (7aeff48) ProcessId: 0xf0 lsass.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x84000047 Address Object: 0xFF12CCA8 (5abeca8) Local Address: 0x0:1f04 0.0.0.0:1055 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF272D88:FF272D88} OBJECT: 0xFF1FEF08(381f08) Type: 26 File Object Header: 0xFF1FEEF0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF182F88 (2e7ef88) ConnectionHandle: 0x88000053 Connection Object: 0xFF157B68 (c3eb68) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF17DE48 (3082e48) ConnectionId: 0x88 AfdEndpoint: 0xFF12AAC8 (6900ac8) ProcessId: 0x29c UMGR32.EXE TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x88000053 Address Object: 0xFF17DE48 (3082e48) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF15A488:FF2518A8} OBJECT: 0xFF1608E8(70be8e8) Type: 26 File Object Header: 0xFF1608D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF28B4C8 (579d4c8) ConnectionHandle: 0x89000056 Connection Object: 0xFF293CA8 (55dbca8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF17DE48 (3082e48) ConnectionId: 0x89 AfdEndpoint: 0xFF15F008 (7aa0008) ProcessId: 0x29c UMGR32.EXE TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x89000056 Address Object: 0xFF17DE48 (3082e48) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF15A488:FF2518A8} OBJECT: 0xFF17C3A8(2c663a8) Type: 26 File Object Header: 0xFF17C390 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1FE728 (381728) ConnectionHandle: 0xBC000054 Connection Object: 0xFF15A488 (84b488) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF17DE48 (3082e48) ConnectionId: 0xbc AfdEndpoint: 0xFF142008 (5a6f008) ProcessId: 0x29c UMGR32.EXE TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0xBC000054 Address Object: 0xFF17DE48 (3082e48) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF15A488:FF2518A8} OBJECT: 0xFF16B2C8(65d62c8) Type: 26 File Object Header: 0xFF16B2B0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16B268 (65d6268) ConnectionHandle: 0xB700005F Connection Object: 0xFF1C4128 (6758128) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16B008 (65d6008) ConnectionId: 0xb7 AfdEndpoint: 0xFCA256E8 (10426e8) ProcessId: 0x448 nc.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0xB700005F Address Object: 0xFF16B008 (65d6008) Local Address: 0x0:b80b 0.0.0.0:3000 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1C4128:FF1C4128} OBJECT: 0xFF127168(440c168) Type: 26 File Object Header: 0xFF127150 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF15BD28 (95fd28) Unknown1: 0x61746F51 (1) Unknown2: 0x1900000 Address Object: 0xFF16B008 (65d6008) Local Address: 0x0:b80b 0.0.0.0:3000 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1C4128:FF1C4128} 3. TABLE: 0xFCC99228(12b6228): Table: 0xE13C1000 QuotaProcess: 0xFCC992C0 ProcessId: 9c HandleCount: 33 CapturedHandleCount: 0 TableLevel: 2 StrictFIFO: No 4. TABLE: 0xFCC6DC48(128ac48): Table: 0xE1D2D000 QuotaProcess: 0xFCC69480 ProcessId: b4 HandleCount: 332 CapturedHandleCount: 332 TableLevel: 2 StrictFIFO: No OBJECT: 0xE12B48D0(19b28d0) Type: 17 Section Object Header: 0xE12B48B8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1317008(1ae0008) BasedAddress: 0x2EB88430 SizeOfSegment: 0x4000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\csrss.exe OBJECT: 0xFCC69320(1286320) Type: 8 Event Object Header: 0xFCC69308 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC692E0(12862e0) Type: 8 Event Object Header: 0xFCC692C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC68FE0(1285fe0) Type: 8 Event Object Header: 0xFCC68FC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFCC68F48(1285f48) Type: 26 File Object Header: 0xFCC68F30 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32 OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFCA28D60(1045d60) Type: 5 Process Object Header: 0xFCA28D48 GrantedAccess: 1f0fff PointerCount: 212 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: winlogon.exe OBJECT: 0xE1317B30(1ae0b30) Type: 17 Section Object Header: 0xE1317B18 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1D15528(4252528) BasedAddress: 0x000000C0 SizeOfSegment: 0x100000 OBJECT: 0xFCC68B20(1285b20) Type: 8 Event Object Header: 0xFCC68B08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC68590(1285590) Type: 2 Directory Object Header: 0xFCC68578 GrantedAccess: f000f PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: Restricted SecurityDescriptor: 0xE1D303B8(42cb3b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCLCSWRC;;;RC) FullPath: \BaseNamedObjects\Restricted OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: f000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1f0001 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1D311A0(42ed1a0) Type: 17 Section Object Header: 0xE1D31188 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC67E00 Name: NlsSectionUnicode SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D311E8(42ed1e8) BasedAddress: 0x2EB9BCD0 SizeOfSegment: 0x15df4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\unicode.nls OBJECT: 0xE1D32E40(4275e40) Type: 17 Section Object Header: 0xE1D32E28 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC67E00 Name: NlsSectionLocale SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D32E88(4275e88) BasedAddress: 0x2EBA44D8 SizeOfSegment: 0x2eeec SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\locale.nls OBJECT: 0xE1D32C60(4275c60) Type: 17 Section Object Header: 0xE1D32C48 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC67E00 Name: NlsSectionCType SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1321408(1a71408) BasedAddress: 0x2EBA64D0 SizeOfSegment: 0x1b9e SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\ctype.nls OBJECT: 0xE1D329A0(42759a0) Type: 17 Section Object Header: 0xE1D32988 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC67E00 Name: NlsSectionSortkey SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D329E8(42759e8) BasedAddress: 0x2EBA84C8 SizeOfSegment: 0x40004 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\sortkey.nls OBJECT: 0xE1D33280(42b7280) Type: 17 Section Object Header: 0xE1D33268 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC67E00 Name: NlsSectionSortTbls SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D32BC8(4275bc8) BasedAddress: 0x2EBAA4C0 SizeOfSegment: 0x3580 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\sorttbls.nls OBJECT: 0xFCC67340(1284340) Type: 8 Event Object Header: 0xFCC67328 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC67300(1284300) Type: 8 Event Object Header: 0xFCC672E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC672C0(12842c0) Type: 8 Event Object Header: 0xFCC672A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC67280(1284280) Type: 8 Event Object Header: 0xFCC67268 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1321D60(1a71d60) Type: 18 Key Object Header: 0xE1321D48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Intel\IgfxCfg\Display1\DISPLAY\ OBJECT: 0xE131F740(1a6c740) Type: 18 Key Object Header: 0xE131F728 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Intel\IgfxCfg\Display1\DISPLAY\ OBJECT: 0xE12B4240(19b2240) Type: 18 Key Object Header: 0xE12B4228 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Intel\IgfxCfg\Display1\DISPLAY\ OBJECT: 0xE1D33D70(42b7d70) Type: 19 Port Object Header: 0xE1D33D58 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC60AC0(127dac0) Type: 6 Thread Object Header: 0xFCC60AA8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000B8 ThreadsProcess: 0xFCC69480 OBJECT: 0xFCC60A40(127da40) Type: 8 Event Object Header: 0xFCC60A28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC60A00(127da00) Type: 8 Event Object Header: 0xFCC609E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC609C0(127d9c0) Type: 8 Event Object Header: 0xFCC609A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC60980(127d980) Type: 8 Event Object Header: 0xFCC60968 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC60940(127d940) Type: 8 Event Object Header: 0xFCC60928 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DB3E20(4f7ce20) Type: 19 Port Object Header: 0xE1DB3E08 GrantedAccess: 1f0001 PointerCount: 99 HandleCount: 1 Directory: 0xFCCB1690 Name: ApiPort SecurityDescriptor: 0xE1DB2378(4f7b378) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;WD)(A;;0x1f0001;;;RC) Creator: 000000B4.000000B0 ClientThread: 0x00000000 ServerProcess: 0xFCC69480 OBJECT: 0xFCC605E0(127d5e0) Type: 8 Event Object Header: 0xFCC605C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D538A0(4f318a0) Type: 18 Key Object Header: 0xE1D53888 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\PriorityControl\ OBJECT: 0xE1DB7530(4fc8530) Type: 19 Port Object Header: 0xE1DB7518 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000B0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA297A0(10467a0) Type: 6 Thread Object Header: 0xFCA29788 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000BC ThreadsProcess: 0xFCC69480 OBJECT: 0xFCA29760(1046760) Type: 8 Event Object Header: 0xFCA29748 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA293C0(10463c0) Type: 6 Thread Object Header: 0xFCA293A8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C0 ThreadsProcess: 0xFCC69480 OBJECT: 0xE1DB7440(4fc8440) Type: 19 Port Object Header: 0xE1DB7428 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 Directory: 0xFCCB1690 Name: SbApiPort SecurityDescriptor: 0xE13040F8(1a1d0f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 000000B4.000000B0 ClientThread: 0x00000000 ServerProcess: 0xFCC69480 OBJECT: 0xFCA28020(1045020) Type: 6 Thread Object Header: 0xFCA28008 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C4 ThreadsProcess: 0xFCC69480 OBJECT: 0xE1DB9950(4faa950) Type: 19 Port Object Header: 0xE1DB9938 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000B0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68020(1285020) Type: 6 Thread Object Header: 0xFCC68008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000090 ThreadsProcess: 0xFCA28D60 OBJECT: 0xE1DBED30(4ff8d30) Type: 19 Port Object Header: 0xE1DBED18 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA264E0(10434e0) Type: 6 Thread Object Header: 0xFCA264C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C8 ThreadsProcess: 0xFCC69480 OBJECT: 0xFCA261C0(10431c0) Type: 8 Event Object Header: 0xFCA261A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29FFA0(516dfa0) Type: 8 Event Object Header: 0xFF29FF88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29F5A0(516d5a0) Type: 8 Event Object Header: 0xFF29F588 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29EDD0(5209dd0) Type: 8 Event Object Header: 0xFF29EDB8 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 3 Directory: 0xFCC68730 Name: WinSta0_DesktopSwitch SecurityDescriptor: 0xE1DE8458(510b458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100000;;;WD) OBJECT: 0xFF29EAA8(5209aa8) Type: 26 File Object Header: 0xFF29EA90 GrantedAccess: 100001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: 0000001c OBJECT: 0xFF29E028(5209028) Type: 26 File Object Header: 0xFF29E010 GrantedAccess: 100001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: 0000001d OBJECT: 0xFF295780(5556780) Type: 6 Thread Object Header: 0xFF295768 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000108 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF29DCA0(520aca0) Type: 6 Thread Object Header: 0xFF29DC88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000D8 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF29D6C0(520a6c0) Type: 6 Thread Object Header: 0xFF29D6A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000DC ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF29D080(520a080) Type: 5 Process Object Header: 0xFF29D068 GrantedAccess: 1f0fff PointerCount: 294 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: services.exe OBJECT: 0xFF1E3C00(61cc00) Type: 6 Thread Object Header: 0xFF1E3BE8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000E0 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF29CA20(5273a20) Type: 6 Thread Object Header: 0xFF29CA08 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000E8 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF29BA80(529ea80) Type: 5 Process Object Header: 0xFF29BA68 GrantedAccess: 1f0fff PointerCount: 117 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xFF282A60(5b8da60) Type: 6 Thread Object Header: 0xFF282A48 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000178 ThreadsProcess: 0xFF29D080 OBJECT: 0xE1DECC90(5150c90) Type: 19 Port Object Header: 0xE1DECC78 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF2990A0(53680a0) Type: 8 Event Object Header: 0xFF299088 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DC7B10(50d2b10) Type: 19 Port Object Header: 0xE1DC7AF8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF297220(5379220) Type: 6 Thread Object Header: 0xFF297208 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000F8 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF296020(53bd020) Type: 6 Thread Object Header: 0xFF296008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000000FC ThreadsProcess: 0xFF29D080 OBJECT: 0xFF295020(5556020) Type: 6 Thread Object Header: 0xFF295008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000100 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF295BE0(5556be0) Type: 6 Thread Object Header: 0xFF295BC8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000104 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF290720(560b720) Type: 6 Thread Object Header: 0xFF290708 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000118 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFF2949E0(55679e0) Type: 6 Thread Object Header: 0xFF2949C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000110 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF294500(5567500) Type: 6 Thread Object Header: 0xFF2944E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000114 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF1B7DA0(6e2da0) Type: 6 Thread Object Header: 0xFF1B7D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000003B0 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF28F720(575b720) Type: 6 Thread Object Header: 0xFF28F708 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000120 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF0E7A00(225da00) Type: 6 Thread Object Header: 0xFF0E79E8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000364 ThreadsProcess: 0xFF144020 OBJECT: 0xE12E41A0(19a31a0) Type: 18 Key Object Header: 0xE12E4188 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\ OBJECT: 0xFF28EDA0(57a0da0) Type: 6 Thread Object Header: 0xFF28ED88 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.0000012C ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF0EB400(6e7a400) Type: 6 Thread Object Header: 0xFF0EB3E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.000000D4 ThreadsProcess: 0xFF144020 OBJECT: 0xFF264D60(62d3d60) Type: 6 Thread Object Header: 0xFF264D48 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000448.0000036C ThreadsProcess: 0xFF16E3C0 OBJECT: 0xFF1C7560(597560) Type: 6 Thread Object Header: 0xFF1C7548 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000340 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF28BD60(579dd60) Type: 6 Thread Object Header: 0xFF28BD48 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000013C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF28D6C0(58b36c0) Type: 6 Thread Object Header: 0xFF28D6A8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000140 ThreadsProcess: 0xFF29D080 OBJECT: 0xE1EB1BF0(721bf0) Type: 19 Port Object Header: 0xE1EB1BD8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.00000210 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF26D020(5f3a020) Type: 6 Thread Object Header: 0xFF26D008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.000002CC ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF28B6E0(579d6e0) Type: 6 Thread Object Header: 0xFF28B6C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000014C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1C1020(7bfc020) Type: 6 Thread Object Header: 0xFF1C1008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000000B0.0000038C ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF1E7020(7e4020) Type: 6 Thread Object Header: 0xFF1E7008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000154 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF289020(58c3020) Type: 6 Thread Object Header: 0xFF289008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000158 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF286DA0(5952da0) Type: 6 Thread Object Header: 0xFF286D88 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000015C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF15B020(95f020) Type: 5 Process Object Header: 0xFF15B008 GrantedAccess: 1f0fff PointerCount: 79 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: UMGR32.EXE OBJECT: 0xFF1CF020(682020) Type: 6 Thread Object Header: 0xFF1CF008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000164 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF2875A0(590d5a0) Type: 6 Thread Object Header: 0xFF287588 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000168 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF287240(590d240) Type: 6 Thread Object Header: 0xFF287228 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000016C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF286460(5952460) Type: 6 Thread Object Header: 0xFF286448 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000170 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF2861E0(59521e0) Type: 6 Thread Object Header: 0xFF2861C8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000174 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF281580(5bdd580) Type: 6 Thread Object Header: 0xFF281568 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000017C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF280560(5bfe560) Type: 6 Thread Object Header: 0xFF280548 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000180 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF280D40(5bfed40) Type: 6 Thread Object Header: 0xFF280D28 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000184 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF244020(6a77020) Type: 5 Process Object Header: 0xFF244008 GrantedAccess: 1f0fff PointerCount: 90 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: MSTask.exe OBJECT: 0xFF27F260(5ca7260) Type: 6 Thread Object Header: 0xFF27F248 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000018C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF278580(5d81580) Type: 6 Thread Object Header: 0xFF278568 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.00000190 ThreadsProcess: 0xFF27E840 OBJECT: 0xFF27E840(5bec840) Type: 5 Process Object Header: 0xFF27E828 GrantedAccess: 1f0fff PointerCount: 110 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF27E540(5bec540) Type: 6 Thread Object Header: 0xFF27E528 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.00000194 ThreadsProcess: 0xFF27E840 OBJECT: 0xE1E62C90(5d23c90) Type: 19 Port Object Header: 0xE1E62C78 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF27C9E0(5d6f9e0) Type: 6 Thread Object Header: 0xFF27C9C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.0000019C ThreadsProcess: 0xFF27E840 OBJECT: 0xFF27BCE0(5cf0ce0) Type: 6 Thread Object Header: 0xFF27BCC8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001A0 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF27BA40(5cf0a40) Type: 6 Thread Object Header: 0xFF27BA28 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001A4 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF240020(6ad8020) Type: 6 Thread Object Header: 0xFF240008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 0000011C.000003D0 ThreadsProcess: 0xFF0DAD60 OBJECT: 0xFF275960(5dcd960) Type: 6 Thread Object Header: 0xFF275948 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.000001AC ThreadsProcess: 0xFF27E840 OBJECT: 0xFF2744C0(5dce4c0) Type: 5 Process Object Header: 0xFF2744A8 GrantedAccess: 1f0fff PointerCount: 48 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: spoolsv.exe OBJECT: 0xFF278020(5d81020) Type: 6 Thread Object Header: 0xFF278008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001B0 ThreadsProcess: 0xFF2744C0 OBJECT: 0xE1E68030(5ec3030) Type: 19 Port Object Header: 0xE1E68018 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF273120(5df1120) Type: 6 Thread Object Header: 0xFF273108 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001B8 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF272980(5f25980) Type: 6 Thread Object Header: 0xFF272968 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001BC ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF193020(206b020) Type: 6 Thread Object Header: 0xFF193008 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.000001C0 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF1B9900(76f8900) Type: 6 Thread Object Header: 0xFF1B98E8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001C4 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF272220(5f25220) Type: 6 Thread Object Header: 0xFF272208 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001C8 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF26F9E0(61539e0) Type: 5 Process Object Header: 0xFF26F9C8 GrantedAccess: 1f0fff PointerCount: 21 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: Avsynmgr.exe OBJECT: 0xFF26F6A0(61536a0) Type: 6 Thread Object Header: 0xFF26F688 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.000001CC ThreadsProcess: 0xFF26F9E0 OBJECT: 0xE1E6C6D0(5f356d0) Type: 19 Port Object Header: 0xE1E6C6B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF26E220(5fbb220) Type: 6 Thread Object Header: 0xFF26E208 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.000001D4 ThreadsProcess: 0xFF26F9E0 OBJECT: 0xFF26DD40(5f3ad40) Type: 6 Thread Object Header: 0xFF26DD28 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001D8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF27D020(5c70020) Type: 5 Process Object Header: 0xFF27D008 GrantedAccess: 1f0fff PointerCount: 113 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF266D00(6020d00) Type: 6 Thread Object Header: 0xFF266CE8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000001DC ThreadsProcess: 0xFF27D020 OBJECT: 0xE1E70DF0(5f7edf0) Type: 19 Port Object Header: 0xE1E70DD8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF159320(1f1320) Type: 6 Thread Object Header: 0xFF159308 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000448.00000400 ThreadsProcess: 0xFF16E3C0 OBJECT: 0xFF264020(62d3020) Type: 6 Thread Object Header: 0xFF264008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000001E8 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF0E4D60(6352d60) Type: 5 Process Object Header: 0xFF0E4D48 GrantedAccess: 1f0fff PointerCount: 7 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: cmd2k.exe OBJECT: 0xFF25C200(64a7200) Type: 6 Thread Object Header: 0xFF25C1E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001F0 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1F95A0(e905a0) Type: 6 Thread Object Header: 0xFF1F9588 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001F4 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF25BDA0(65b9da0) Type: 6 Thread Object Header: 0xFF25BD88 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001F8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF25B760(65b9760) Type: 6 Thread Object Header: 0xFF25B748 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000001FC ThreadsProcess: 0xFF27D020 OBJECT: 0xFF13F8A0(6ffc8a0) Type: 6 Thread Object Header: 0xFF13F888 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000200 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF24E7C0(66c57c0) Type: 6 Thread Object Header: 0xFF24E7A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.00000204 ThreadsProcess: 0xFF26F9E0 OBJECT: 0xFF2513E0(65f23e0) Type: 6 Thread Object Header: 0xFF2513C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000208 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF2488A0(681b8a0) Type: 6 Thread Object Header: 0xFF248888 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000284 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF26D9A0(5f3a9a0) Type: 6 Thread Object Header: 0xFF26D988 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.00000210 ThreadsProcess: 0xFCC69480 OBJECT: 0xFF24D380(6704380) Type: 6 Thread Object Header: 0xFF24D368 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.0000020C ThreadsProcess: 0xFF244020 OBJECT: 0xFF24B020(66ea020) Type: 6 Thread Object Header: 0xFF24B008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000214 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF24B300(66ea300) Type: 5 Process Object Header: 0xFF24B2E8 GrantedAccess: 1f0fff PointerCount: 12 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: regsvc.exe OBJECT: 0xFF24A020(6869020) Type: 6 Thread Object Header: 0xFF24A008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000021C.00000218 ThreadsProcess: 0xFF24B300 OBJECT: 0xFF25DC40(639bc40) Type: 8 Event Object Header: 0xFF25DC28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E8AAD0(6a73ad0) Type: 19 Port Object Header: 0xE1E8AAB8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF23AA40(6d9ea40) Type: 6 Thread Object Header: 0xFF23AA28 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000220 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF244DA0(6a77da0) Type: 6 Thread Object Header: 0xFF244D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000021C.00000224 ThreadsProcess: 0xFF24B300 OBJECT: 0xFF2446E0(6a776e0) Type: 6 Thread Object Header: 0xFF2446C8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000188 ThreadsProcess: 0xFF244020 OBJECT: 0xE1E97E90(6ac1e90) Type: 19 Port Object Header: 0xE1E97E78 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.00000210 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF23F020(6d42020) Type: 6 Thread Object Header: 0xFF23F008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000230 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF245020(6914020) Type: 6 Thread Object Header: 0xFF245008 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000234 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF23B540(6c75540) Type: 6 Thread Object Header: 0xFF23B528 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000238 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF23A6A0(6d9e6a0) Type: 6 Thread Object Header: 0xFF23A688 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.0000023C ThreadsProcess: 0xFF244020 OBJECT: 0xFF2390C0(6e890c0) Type: 6 Thread Object Header: 0xFF2390A8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000240 ThreadsProcess: 0xFF244020 OBJECT: 0xFF2372C0(6cca2c0) Type: 6 Thread Object Header: 0xFF2372A8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000244 ThreadsProcess: 0xFF244020 OBJECT: 0xFF23A2A0(6d9e2a0) Type: 6 Thread Object Header: 0xFF23A288 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000248 ThreadsProcess: 0xFF244020 OBJECT: 0xFF0E7280(225d280) Type: 6 Thread Object Header: 0xFF0E7268 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000338 ThreadsProcess: 0xFF144020 OBJECT: 0xFF2354A0(6e374a0) Type: 6 Thread Object Header: 0xFF235488 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000254 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1FB5E0(d8d5e0) Type: 6 Thread Object Header: 0xFF1FB5C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.0000033C ThreadsProcess: 0xFF27D020 OBJECT: 0xFF191240(2138240) Type: 6 Thread Object Header: 0xFF191228 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000032C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF231120(6f2d120) Type: 5 Process Object Header: 0xFF231108 GrantedAccess: 1f0fff PointerCount: 23 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: VsStat.exe OBJECT: 0xFF231AC0(6f2dac0) Type: 6 Thread Object Header: 0xFF231AA8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000264.00000260 ThreadsProcess: 0xFF231120 OBJECT: 0xE1EB3F50(753af50) Type: 19 Port Object Header: 0xE1EB3F38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.00000210 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF22F020(7784020) Type: 6 Thread Object Header: 0xFF22F008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000264.00000268 ThreadsProcess: 0xFF231120 OBJECT: 0xFF132020(72bf020) Type: 6 Thread Object Header: 0xFF132008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003CC.0000026C ThreadsProcess: 0xFF18A6E0 OBJECT: 0xFF22F780(7784780) Type: 5 Process Object Header: 0xFF22F768 GrantedAccess: 1f0fff PointerCount: 18 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: Avconsol.exe OBJECT: 0xFF22F400(7784400) Type: 6 Thread Object Header: 0xFF22F3E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000274.00000270 ThreadsProcess: 0xFF22F780 OBJECT: 0xE1EAE6B0(71076b0) Type: 19 Port Object Header: 0xE1EAE698 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.00000210 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF233460(6c6d460) Type: 8 Event Object Header: 0xFF233448 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17B980(2dc3980) Type: 6 Thread Object Header: 0xFF17B968 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000250.00000134 ThreadsProcess: 0xFF191640 OBJECT: 0xFF2475A0(679a5a0) Type: 6 Thread Object Header: 0xFF247588 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000028C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1577C0(c3e7c0) Type: 6 Thread Object Header: 0xFF1577A8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.00000390 ThreadsProcess: 0xFF15B020 OBJECT: 0xFF235DA0(6e37da0) Type: 6 Thread Object Header: 0xFF235D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000294 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF2258E0(9be8e0) Type: 6 Thread Object Header: 0xFF2258C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000298 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF0EEC00(5900c00) Type: 6 Thread Object Header: 0xFF0EEBE8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000022C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xE1E1D550(54c9550) Type: 19 Port Object Header: 0xE1E1D538 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1D0020(940020) Type: 6 Thread Object Header: 0xFF1D0008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000002F0 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF206020(daa020) Type: 6 Thread Object Header: 0xFF206008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000274.000002AC ThreadsProcess: 0xFF22F780 OBJECT: 0xFF205DA0(c91da0) Type: 6 Thread Object Header: 0xFF205D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002B0 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF1FE020(381020) Type: 6 Thread Object Header: 0xFF1FE008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002B4 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF1DF080(5449080) Type: 6 Thread Object Header: 0xFF1DF068 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002C0 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1F5D60(17dd60) Type: 5 Process Object Header: 0xFF1F5D48 GrantedAccess: 1f0fff PointerCount: 47 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: WinMgmt.exe OBJECT: 0xFF1F5AE0(17dae0) Type: 6 Thread Object Header: 0xFF1F5AC8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002A0.000002BC ThreadsProcess: 0xFF1F5D60 OBJECT: 0xE1E74510(60a4510) Type: 19 Port Object Header: 0xE1E744F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1EF020(6e9020) Type: 6 Thread Object Header: 0xFF1EF008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002A0.000002C8 ThreadsProcess: 0xFF1F5D60 OBJECT: 0xFF1ECDA0(817da0) Type: 6 Thread Object Header: 0xFF1ECD88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000468 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1FBDA0(d8dda0) Type: 6 Thread Object Header: 0xFF1FBD88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000148 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1EDC60(81c60) Type: 6 Thread Object Header: 0xFF1EDC48 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002D4 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1EC980(817980) Type: 6 Thread Object Header: 0xFF1EC968 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002B8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF24A580(6869580) Type: 6 Thread Object Header: 0xFF24A568 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002D8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1EA120(294e120) Type: 6 Thread Object Header: 0xFF1EA108 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.000002DC ThreadsProcess: 0xFF26F9E0 OBJECT: 0xFF1C98E0(29658e0) Type: 6 Thread Object Header: 0xFF1C98C8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002E0 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF16D020(63f5020) Type: 6 Thread Object Header: 0xFF16D008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.000002E4 ThreadsProcess: 0xFF27E840 OBJECT: 0xFF225020(9be020) Type: 6 Thread Object Header: 0xFF225008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.000002E8 ThreadsProcess: 0xFF172C40 OBJECT: 0xFF1F5020(17d020) Type: 6 Thread Object Header: 0xFF1F5008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000002EC ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1C38C0(938c0) Type: 6 Thread Object Header: 0xFF1C38A8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002F4 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF0DAD60(414dd60) Type: 5 Process Object Header: 0xFF0DAD48 GrantedAccess: 1f0fff PointerCount: 10 HandleCount: 3 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: dd.exe OBJECT: 0xFF1DDB60(3d92b60) Type: 6 Thread Object Header: 0xFF1DDB48 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000002C4 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF1E8860(5bd860) Type: 6 Thread Object Header: 0xFF1E8848 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000003B4 ThreadsProcess: 0xFCA28D60 OBJECT: 0xE1EB2870(9a4870) Type: 19 Port Object Header: 0xE1EB2858 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.00000210 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1BE020(5dc2020) Type: 6 Thread Object Header: 0xFF1BE008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000138 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF114180(21c1180) Type: 6 Thread Object Header: 0xFF114168 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000458.0000024C ThreadsProcess: 0xFF119020 OBJECT: 0xFF0F23A0(71393a0) Type: 6 Thread Object Header: 0xFF0F2388 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000043C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1BA860(3e35860) Type: 6 Thread Object Header: 0xFF1BA848 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000330 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF170CC0(611ecc0) Type: 6 Thread Object Header: 0xFF170CA8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000250.000001E4 ThreadsProcess: 0xFF191640 OBJECT: 0xFF12BD20(5affd20) Type: 8 Event Object Header: 0xFF12BD08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0C12E0(40722e0) Type: 8 Event Object Header: 0xFF0C12C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BAAE0(3e35ae0) Type: 5 Process Object Header: 0xFF1BAAC8 GrantedAccess: 1f0fff PointerCount: 118 HandleCount: 5 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Explorer.Exe OBJECT: 0xFF1C7DA0(597da0) Type: 6 Thread Object Header: 0xFF1C7D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000344 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1C6020(2898020) Type: 6 Thread Object Header: 0xFF1C6008 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000348 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1B7700(6e2700) Type: 6 Thread Object Header: 0xFF1B76E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: